Proof of Process: An Evidence Framework for Digital Authorship Attestation

1.2.1. What This Specification Defines

This specification defines:¶

• Evidence format: The structure of Evidence Packets (.pop files) containing checkpoint chains, behavioral entropy bindings, and cryptographic proofs.¶
• Attestation result format: The structure of Attestation Results (.war files) produced by Verifiers after appraising Evidence.¶
• Checkpoint structure: The cryptographic construction binding document states, timing proofs, and behavioral evidence.¶
• Verification procedures: Algorithms for independent verification of Evidence Packets without access to the original Attesting Environment.¶
• Claim taxonomy: Classification of claims into chain-verifiable and monitoring-dependent categories with explicit trust requirements.¶

1.2.2. What This Specification Does NOT Define

This specification explicitly excludes:¶

• Content analysis: No examination of document content for stylometric patterns, linguistic features, or semantic meaning.¶
• Authorship determination: No claims about the identity of the author beyond cryptographic key binding. The specification documents process, not persons.¶
• Intent inference: No claims about the cognitive state, creative intent, or mental processes of the author.¶
• AI detection: No classification of content as "human-written" or "AI-generated." The specification provides evidence about process; interpretation is left to Relying Parties.¶
• Surveillance mechanisms: No screen capture, keystroke content logging, or continuous monitoring. Behavioral signals are captured as timing entropy, not content.¶

1.2.3. Relationship to RATS Architecture

This specification implements a specialized profile of the Remote ATtestation procedureS (RATS) architecture [RFC9334] with domain-specific extensions for behavioral evidence and process documentation.¶

The RATS role mappings are:¶

Attester:

The witnessd-core library running on the author's device, producing Evidence Packets (.pop files).¶

Verifier:

Any implementation capable of parsing and appraising Evidence Packets, producing Attestation Results (.war files).¶

Relying Party:

The entity consuming Attestation Results for trust decisions (e.g., academic institutions, publishers, legal systems).¶

The Evidence produced by this specification extends standard RATS evidence with behavioral entropy bindings and Verifiable Delay Function proofs for temporal ordering.¶

1.3.1. Privacy by Construction

The framework enforces privacy through structural constraints, not policy promises:¶

• No document content is stored in Evidence Packets. Content is represented only by cryptographic hashes.¶
• No characters typed are captured. Keystroke timing is recorded without association to specific characters.¶
• No screenshots or screen recordings are taken. Visual content is never captured by the Attesting Environment.¶
• Behavioral data is aggregated into statistical summaries before inclusion in Evidence, preventing reconstruction of input sequences.¶

1.3.2. Zero Trust: Locally Generated, Independently Verifiable

Evidence generation and verification are fully decoupled:¶

• Evidence is generated entirely on the Attester device with no network dependency during creation.¶
• Verification requires only the Evidence Packet itself; no access to the original device, the document content, or external services (except for optional external anchor validation).¶
• Multiple independent Verifiers can appraise the same Evidence, enabling adversarial review.¶
• No trusted third party is required for basic verification.¶

1.3.3. Evidence Over Inference

The framework provides observable evidence, not conclusions:¶

• Claims are classified as chain-verifiable (provable from Evidence alone) or monitoring-dependent (requiring Attesting Environment trust).¶
• Attestation Results document what was verified, not what should be believed.¶
• Confidence scores and caveats accompany all assessments, enabling informed Relying Party decisions.¶
• The specification makes no absolute claims about authorship, intent, or authenticity.¶

1.3.4. Cost-Asymmetric Forgery

The framework makes forgery expensive relative to genuine creation:¶

• Verifiable Delay Functions (VDFs) establish minimum elapsed time that cannot be circumvented through parallelization.¶
• Captured behavioral entropy commits to timing measurements that cannot be regenerated without access to the original input stream.¶
• Hash chain construction ensures any modification invalidates all subsequent evidence.¶
• The forgery-cost-section quantifies attack costs, enabling risk assessment by Relying Parties.¶

IMPORTANT: This framework does not claim to make forgery impossible. It raises the cost of forgery relative to honest participation and provides quantified bounds on attack economics.¶

1.6.1. CDDL Notation

Data structures in this document are specified using the Concise Data Definition Language (CDDL) [RFC8610]. CDDL provides a notation for expressing CBOR and JSON data structures.¶

The normative CDDL definitions appear inline in the relevant sections.¶

1.6.2. CBOR Encoding

Both Evidence Packets and Attestation Results use CBOR (Concise Binary Object Representation) encoding per [RFC8949]. CBOR provides efficient binary encoding with support for semantic tags and extensibility.¶

This specification uses:¶

• Semantic tags for type identification (Evidence Packet: 1347571280, Attestation Result: 1463894560)¶
• Integer keys (1-99) for core protocol fields to minimize encoding size¶
• String keys for vendor extensions and application-specific fields¶
• Deterministic encoding (RFC 8949 Section 4.2) RECOMMENDED for signature verification¶

1.6.3. COSE Signatures

Cryptographic signatures use COSE ([IANA.cose], CBOR Object Signing and Encryption) [RFC9052]. The COSE_Sign1 structure provides single-signer signatures suitable for Evidence and Attestation Result authentication.¶

Recommended algorithms:¶

• EdDSA with Ed25519 (RECOMMENDED for new implementations)¶
• ECDSA with P-256 (for compatibility with existing PKI)¶

1.6.4. EAT Tokens

This specification defines an Entity Attestation Token (EAT) profile per [RFC9711]. EAT provides a framework for attestation claims with support for custom claim types.¶

The EAT profile URI for Proof of Process evidence is:¶

https://example.com/rats/eat/profile/pop/1.0

Custom EAT claims proposed for IANA registration are defined in Section 13.¶

1.6.5. Hash Function Notation

This document uses the following notation for cryptographic hash functions:¶

• H(x): SHA-256 hash of input x (default)¶
• H^n(x): n iterations of hash function H¶
• HMAC(k, m): HMAC-SHA256 with key k and message m¶

SHA-256 is the RECOMMENDED hash algorithm. Implementations MAY support SHA3-256 for algorithm agility.¶

2.2.1. Evidence Packet (.pop)

The .pop (Proof of Process) file is the primary Evidence artifact produced by the Attester. It contains all cryptographic proofs and behavioral evidence accumulated during document authorship.¶

CBOR encoding with semantic tag:¶

Tag: 1347571280 (0x50505020, ASCII "PPP ")
Type: tagged-evidence-packet

The Evidence packet is the authoritative record of the authoring process. It may be:¶

• Submitted to a Verifier for appraisal¶
• Archived alongside the document for future verification¶
• Shared with Relying Parties who perform their own verification¶

The .pop file is typically larger than the .war file because it contains complete checkpoint chains, VDF proofs, and behavioral evidence.¶

2.2.2. Attestation Result (.war)

The .war (Writers Authenticity Report) file is the Attestation Result produced by a Verifier after appraising an Evidence packet. It serves as a portable verification certificate.¶

CBOR encoding with semantic tag:¶

Tag: 1463894560 (0x57415220, ASCII "WAR ")
Type: tagged-attestation-result

The Attestation Result is designed for distribution alongside published documents. It provides:¶

• A signed verdict from a trusted Verifier¶
• Summary of verified claims without full evidence¶
• Confidence score for Relying Party decision-making¶
• Caveats documenting verification limitations¶

Relying Parties may trust the .war file based on the Verifier's reputation, or they may request the original .pop file for independent verification.¶

2.2.3. Format Relationship

The two formats are linked by the reference-packet-id field in the Attestation Result, which matches the packet-id of the appraised Evidence packet:¶

Evidence Packet (.pop)          Attestation Result (.war)
+-------------------+           +------------------------+
| packet-id: UUID   |<----------| reference-packet-id:   |
|                   |           |   UUID (same value)    |
+-------------------+           +------------------------+

This binding ensures that each Attestation Result is unambiguously tied to a specific Evidence packet.¶

2.3.1. Required Fields

version (key 1):

Schema version number. Currently 1. Implementations MUST reject packets with unrecognized major versions.¶

profile (key 2):

EAT profile URI identifying this specification:¶

https://example.com/rats/eat/profile/pop/1.0

¶

IANA registration to be requested upon working group adoption.¶

packet-id (key 3):

UUID ([RFC9562]) uniquely identifying this Evidence packet. Generated by the Attester at packet creation time.¶

created (key 4):

Timestamp when this packet was finalized. CBOR tag 1 (epoch-based date/time).¶

document (key 5):

Reference to the documented artifact. See Section 2.5.¶

checkpoints (key 6):

Ordered array of checkpoint structures forming the evidence chain. See Section 2.4.¶

2.3.2. Tiered Optional Sections

The optional sections (keys 10-17) correspond to evidence tiers. Their presence determines the evidence strength:¶

2.3.3. Extensibility

The evidence-packet structure supports forward-compatible extensions through string-keyed fields:¶

• Integer keys 1-99 are reserved for this specification¶
• String keys MAY be used for vendor or application-specific extensions¶
• Verifiers MUST ignore unrecognized string-keyed fields¶
• Verifiers MUST reject packets containing unrecognized integer keys in the reserved range¶

2.4.1. Checkpoint Structure

checkpoint = {
    1 => uint,                      ; sequence
    2 => uuid,                      ; checkpoint-id
    3 => pop-timestamp,             ; timestamp
    4 => hash-value,                ; content-hash
    5 => uint,                      ; char-count
    6 => uint,                      ; word-count
    7 => edit-delta,                ; delta
    8 => hash-value,                ; prev-hash
    9 => hash-value,                ; checkpoint-hash
    10 => vdf-proof,                ; vdf-proof
    11 => jitter-binding,           ; jitter-binding
    12 => bstr .size 32,            ; chain-mac

    * tstr => any,                  ; extensions
}

sequence (key 1):

Zero-indexed ordinal position in the checkpoint chain. MUST be strictly monotonically increasing.¶

checkpoint-id (key 2):

UUID uniquely identifying this checkpoint within the packet.¶

timestamp (key 3):

Local timestamp when the checkpoint was created. Note that local timestamps are untrusted; temporal ordering is established by VDF causality.¶

content-hash (key 4):

Cryptographic hash of the document content at this checkpoint. SHA-256 RECOMMENDED.¶

char-count (key 5), word-count (key 6):

Document statistics at this checkpoint. Informational only; not cryptographically bound.¶

delta (key 7):

Edit delta since previous checkpoint. Contains character counts for additions, deletions, and edit operations. No content is included.¶

prev-hash (key 8):

Hash of the previous checkpoint (checkpoint-hash{N-1}). For the genesis checkpoint (sequence = 0), this MUST be 32 zero bytes.¶

checkpoint-hash (key 9):

Binding hash computed over all checkpoint fields, creating the hash chain.¶

vdf-proof (key 10):

Verifiable Delay Function proof establishing minimum elapsed time. See Section 4.¶

jitter-binding (key 11):

Captured behavioral entropy binding. See Section 3.¶

chain-mac (key 12):

HMAC-SHA256 binding the checkpoint to the chain key, preventing transplantation of checkpoints between sessions.¶

2.4.2. Hash Chain Construction

The checkpoint chain forms a cryptographic hash chain through the prev-hash linkage:¶

+---------------+     +---------------+     +---------------+
| Checkpoint 0  |     | Checkpoint 1  |     | Checkpoint 2  |
|---------------|     |---------------|     |---------------|
| prev-hash:    |<----| prev-hash:    |<----| prev-hash:    |
|   (32 zeros)  |  H  |   H(CP_0)     |  H  |   H(CP_1)     |
| checkpoint-   |---->| checkpoint-   |---->| checkpoint-   |
|   hash: H_0   |     |   hash: H_1   |     |   hash: H_2   |
+---------------+     +---------------+     +---------------+

The checkpoint-hash is computed as:¶

checkpoint-hash = H(
    "witnessd-checkpoint-v1" ||
    sequence ||
    checkpoint-id ||
    timestamp ||
    content-hash ||
    char-count ||
    word-count ||
    CBOR(delta) ||
    prev-hash ||
    CBOR(vdf-proof) ||
    CBOR(jitter-binding)
)

This construction ensures that any modification to any field in any checkpoint invalidates all subsequent checkpoint hashes, providing tamper-evidence for the entire chain.¶

2.4.3. MMR Compatibility

The checkpoint chain is designed for compatibility with Merkle Mountain Range ([MMR]) structures, enabling efficient inclusion proofs for subsets of checkpoints:¶

• Each checkpoint-hash serves as a leaf in the MMR¶
• Verifiers can request inclusion proofs for specific checkpoints without receiving the entire chain¶
• External anchors can commit to MMR roots, enabling efficient batch timestamping¶

MMR proofs are optional and may be included in the external-section when third-party verification services provide them.¶

2.5.1. Content Hash Binding

The content-hash (key 1) is the cryptographic hash of the final document state. This is the same value as the content-hash in the final checkpoint.¶

To verify document binding:¶

1. Compute H(document-content)¶
2. Compare with document-ref.content-hash¶
3. Compare with checkpoints{-1}.content-hash¶
4. All three values MUST match¶

2.5.2. Salt Modes for Privacy

The hash-salt-mode field controls how the content hash is computed, enabling privacy-preserving verification scenarios:¶

When salted modes are used:¶

• The salt-commitment field contains H(salt), not the salt itself¶
• The author or escrow provides the salt out-of-band for verification¶
• Verifiers confirm H(provided-salt) matches salt-commitment before using it¶

Salted modes enable scenarios where the document binding should not be globally verifiable (e.g., unpublished manuscripts, confidential documents).¶

2.6.1. Basic Tier

The Basic tier contains only the required checkpoint chain and document reference:¶

• Checkpoints with VDF proofs and jitter bindings¶
• Document reference with content hash¶
• Optional declaration (author attestation)¶

Basic tier evidence proves:¶

• A sequence of document states was created over time¶
• Minimum elapsed time between states (via VDF)¶
• Behavioral entropy was captured at each checkpoint¶

Basic tier is suitable for low-stakes documentation, personal records, or contexts where the author's attestation is generally trusted.¶

2.6.2. Standard Tier

The Standard tier adds presence verification to the Basic tier:¶

• All Basic tier components¶
• presence-section: Human presence challenges and responses¶

Standard tier evidence additionally proves:¶

• A human responded to interactive challenges during authorship¶
• Response timing is consistent with human reaction times¶

Standard tier is suitable for academic submissions, professional reports, and contexts requiring reasonable assurance of human involvement.¶

2.6.3. Enhanced Tier

The Enhanced tier adds forensic analysis to the Standard tier:¶

• All Standard tier components¶
• forensics-section: Edit topology, AI indicators, metrics¶
• keystroke-section: Detailed jitter samples¶

Enhanced tier evidence additionally provides:¶

• Statistical analysis of editing patterns¶
• Edit topology showing where changes occurred (not what)¶
• AI indicator scores for forensic assessment¶
• Detailed keystroke timing for entropy verification¶

Enhanced tier is suitable for legal documents, regulatory compliance, and high-value intellectual property.¶

2.6.4. Maximum Tier

The Maximum tier adds hardware binding, external anchors, absence proofs, and forgery cost analysis:¶

• All Enhanced tier components¶
• hardware-section: TPM/Secure Enclave attestation¶
• external-section: RFC 3161, blockchain timestamps¶
• absence-section: Negative evidence claims¶
• forgery-cost-section: Economic attack cost analysis¶

Maximum tier evidence additionally provides:¶

• Hardware binding proving evidence was created on a specific device¶
• Third-party timestamps establishing absolute time¶
• Absence proofs for bounded claims (e.g., max paste size)¶
• Quantified forgery cost bounds for risk assessment¶

Maximum tier is suitable for litigation support, forensic investigation, and contexts requiring the strongest available evidence.¶

2.6.5. Tier Selection Guidance

The appropriate tier depends on the trust requirements and privacy constraints of the use case:¶

Authors SHOULD select the minimum tier that meets their verification requirements. Higher tiers collect more behavioral data and create larger Evidence packets.¶

2.7.1. Verdict Field

The verdict (key 4) is the Verifier's overall forensic assessment using the forensic-assessment enumeration:¶

IMPORTANT: The verdict describes the behavioral evidence, not a claim about the author's intent or the cognitive origin of ideas. It reflects observable patterns in the documented process.¶

2.7.2. Confidence Score

The confidence-score (key 5) is a floating-point value in the range [0.0, 1.0] representing the Verifier's confidence in the verdict:¶

• 0.0 - 0.3: Low confidence (limited evidence)¶
• 0.3 - 0.7: Moderate confidence (typical evidence)¶
• 0.7 - 1.0: High confidence (strong evidence)¶

The confidence score incorporates:¶

• Evidence tier (higher tiers increase confidence ceiling)¶
• Checkpoint chain completeness¶
• Entropy sufficiency in jitter bindings¶
• VDF calibration attestation presence¶
• External anchor confirmations¶

2.7.3. Verified Claims

The verified-claims array (key 6) contains individual claim verification results:¶

result-claim = {
    1 => uint,                      ; claim-type
    2 => bool,                      ; verified
    ? 3 => tstr,                    ; detail
    ? 4 => confidence-level,        ; claim-confidence
}

The claim-type values correspond to the absence-claim-type enumeration, enabling direct mapping between Evidence claims and Attestation Result verification outcomes.¶

2.7.4. Verifier Signature

The verifier-signature (key 7) is a COSE_Sign1 signature over the Attestation Result payload (fields 1-6 plus any optional fields 8-10). This signature:¶

• Authenticates the Verifier identity¶
• Ensures integrity of the Attestation Result¶
• Enables Relying Parties to verify the result came from a trusted Verifier¶

2.7.5. Caveats

The caveats array (key 10) documents limitations and warnings that Relying Parties should consider:¶

• "No hardware attestation available"¶
• "External anchors pending confirmation"¶
• "Jitter entropy below recommended threshold"¶
• "Author declares AI tool usage"¶

Verifiers MUST include appropriate caveats when the Evidence has known limitations. Relying Parties SHOULD review caveats before making trust decisions.¶

2.8.1. Semantic Tags

Top-level structures use semantic tags for type identification:¶

These tags enable format detection without external metadata. Parsers can identify the packet type by examining the leading tag value.¶

2.8.2. Key Encoding Strategy

The schema uses a dual key encoding strategy for efficiency and extensibility:¶

Integer Keys (1-99):

Reserved for core protocol fields defined in this specification. Provides compact encoding and enables efficient parsing.¶

String Keys:

Used for vendor extensions, application-specific fields, and future protocol extensions before standardization. Provides self-describing field names at the cost of encoding size.¶

Example size comparison for a field named "forensics":¶

Integer key (11):     1 byte  (0x0B)
String key ("forensics"): 10 bytes (0x69666F72656E73696373)

For a typical Evidence packet with dozens of fields, integer keys reduce packet size by 20-40%.¶

2.8.3. Deterministic Encoding

Evidence packets SHOULD use deterministic CBOR encoding (RFC 8949 Section 4.2) to enable:¶

• Byte-exact reproduction of packets for signature verification¶
• Consistent hashing for cache and deduplication purposes¶
• Simplified debugging and comparison¶

Deterministic encoding requirements:¶

• Map keys sorted in bytewise lexicographic order¶
• Integers encoded in minimal representation¶
• Floating-point values canonicalized¶

2.9.1. Custom EAT Claims

The following custom claims are proposed for IANA registration upon working group adoption:¶

2.9.2. AR4SI Trustworthiness Extension

The Attestation Result includes a proposed extension to the AR4SI ([I-D.ietf-rats-ar4si]) trustworthiness vector:¶

behavioral-consistency: -1..3
  -1 = no claim
   0 = behavioral evidence inconsistent with human authorship
   1 = behavioral evidence inconclusive
   2 = behavioral evidence consistent with human authorship
   3 = behavioral evidence strongly indicates human authorship

This extension enables integration of witnessd Attestation Results with broader trustworthiness assessment frameworks.¶

2.10.1. Tamper-Evidence vs. Tamper-Proof

The evidence model provides tamper-EVIDENCE, not tamper-PROOF:¶

• Tamper-evident:¶

  Modifications to Evidence packets are detectable through cryptographic verification. The hash chain, VDF entanglement, and HMAC bindings ensure that any alteration invalidates the Evidence.¶

• Not tamper-proof:¶

  An adversary with sufficient resources can fabricate Evidence by investing the computational time required by VDF proofs and generating plausible behavioral data. The forgery-cost-section quantifies this investment.¶

Relying Parties should understand this distinction when making trust decisions.¶

2.10.2. Independent Verification

Evidence packets are designed for independent verification:¶

• All cryptographic proofs are included in the packet¶
• Verification requires no access to the original device¶
• Verification requires no network access (except for external anchor validation)¶
• Multiple independent Verifiers can appraise the same Evidence¶

This property enables adversarial verification: a skeptical Relying Party can verify Evidence without trusting the Attester's infrastructure.¶

2.10.3. Privacy by Construction

The evidence model enforces privacy through structural constraints:¶

• No content storage:¶

  Evidence contains hashes of document states, not content. The document itself is never included in Evidence packets.¶

• No keystroke capture:¶

  Individual characters typed are not recorded. Timing intervals are captured without association to specific characters.¶

• Aggregated behavioral data:¶

  Raw timing data is aggregated into histograms before inclusion in Evidence. Optional raw interval disclosure is user-controlled.¶

• No screenshots or screen recording:¶

  Visual content is never captured by the Attesting Environment.¶

2.10.4. Attesting Environment Trust

The evidence model assumes a minimally trusted Attesting Environment:¶

• Chain-verifiable claims (absence-claim-types 1-15):¶

  Can be verified from Evidence alone without trusting the AE beyond basic data integrity.¶

• Monitoring-dependent claims (absence-claim-types 16-63):¶

  Require trust that the AE accurately reported monitored events. The ae-trust-basis field documents these assumptions.¶

Hardware attestation (hardware-section) increases AE trust by binding Evidence to verified hardware identities.¶

3.2.1. Entropy Commitment (Key 1)

The entropy-commitment is a cryptographic hash of the raw timing intervals concatenated in observation order:¶

entropy-commitment = H(interval{0} || interval{1} || ... || interval{n})

where H is the hash algorithm specified in the hash-value structure (SHA-256 RECOMMENDED), and each interval is encoded as a 32-bit unsigned integer representing milliseconds.¶

This commitment is computed BEFORE the histogram summary, ensuring the raw data cannot be manipulated to match a desired statistical profile.¶

3.2.2. Entropy Sources (Key 2)

The sources array identifies which input modalities contributed to the captured entropy:¶

Implementations MUST include at least one source. The keystroke-timing source (1) provides the highest entropy density and SHOULD be included when keyboard input is available.¶

3.2.3. Jitter Summary (Key 3)

The summary provides verifiable statistics without exposing raw timing data:¶

jitter-summary = {
    1 => uint,                 ; sample-count
    2 => [+ histogram-bucket], ; timing-histogram
    3 => float32,              ; estimated-entropy-bits
    ? 4 => [+ anomaly-flag],   ; anomalies (if detected)
}

histogram-bucket = {
    1 => uint,                 ; lower-bound-ms
    2 => uint,                 ; upper-bound-ms
    3 => uint,                 ; count
}

The estimated-entropy-bits field is calculated using Shannon entropy over the histogram distribution:¶

H = -sum(p[i] * log2(p[i])) for all buckets where p[i] > 0
p[i] = count[i] / total_samples

RECOMMENDED bucket boundaries (in milliseconds): 0, 50, 100, 200, 500, 1000, 2000, 5000, +infinity. These boundaries capture the typical range of human typing and pause behavior.¶

3.2.4. Binding MAC (Key 4)

The binding-mac cryptographically binds the jitter data to the checkpoint chain:¶

binding-mac = HMAC-SHA256(
    key = checkpoint-chain-key,
    message = entropy-commitment ||
              CBOR(sources) ||
              CBOR(summary) ||
              prev-checkpoint-hash
)

This binding ensures that:¶

1. The jitter data cannot be transplanted between checkpoints¶
2. The jitter data cannot be modified without invalidating the checkpoint chain¶
3. The temporal ordering of jitter observations is preserved¶

3.2.5. Raw Intervals (Key 5, Optional)

The raw-intervals array MAY be included for enhanced verification. When present, verifiers can:¶

• Recompute the entropy-commitment and verify it matches¶
• Recompute the histogram and verify consistency¶
• Perform statistical analysis beyond the histogram¶

Privacy consideration: Raw intervals may constitute biometric-adjacent data. See Section 3.7.¶

3.7.1. Mitigation Measures

• Histogram Aggregation:¶

  By default, only aggregated histogram data is included in the evidence packet. Raw intervals are optional and SHOULD only be disclosed when enhanced verification is required.¶

• Bucket Granularity:¶

  The RECOMMENDED bucket boundaries (50ms minimum width) prevent reconstruction of exact keystroke sequences while preserving statistically significant patterns.¶

• No Character Mapping:¶

  Timing intervals are recorded without association to specific characters or words. The evidence captures rhythm without content.¶

• Session Isolation:¶

  Jitter data is bound to a specific evidence packet and checkpoint chain. Cross-session correlation requires access to multiple evidence packets.¶

3.7.2. Disclosure Recommendations

Implementations SHOULD inform users that:¶

1. Typing rhythm information is captured and included in evidence packets¶
2. Evidence packets may be shared with Verifiers and potentially with Relying Parties¶
3. Raw timing data (if disclosed) could theoretically be used for behavioral analysis¶

Users SHOULD have the option to:¶

1. Disable raw-intervals disclosure (histogram-only mode)¶
2. Request deletion of evidence packets after verification¶
3. Review captured entropy statistics before packet finalization¶

3.8.1. Replay Attacks

An adversary might attempt to replay captured jitter data from a previous session. This attack is mitigated by:¶

1. VDF entanglement: The jitter commitment is bound to the VDF chain, which includes the previous checkpoint hash¶
2. Chain MAC: The binding-mac includes the previous checkpoint hash, preventing transplantation¶
3. Content binding: The jitter data is associated with specific content hashes that change with each edit¶

3.8.2. Simulation Attacks

An adversary might attempt to generate synthetic timing data that mimics human patterns. The cost of this attack is bounded by:¶

1. Entropy requirement:¶

   Meeting the entropy threshold requires sufficient variation in timing. Perfectly regular synthetic input will fail the entropy check.¶

2. Real-time constraint:¶

   The VDF entanglement requires that jitter data be captured before VDF computation. Generating synthetic timing that passes statistical tests while maintaining real-time constraints is non-trivial.¶

3. Statistical consistency:¶

   Synthetic timing must be consistent across all checkpoints. Anomaly detection may flag statistically improbable patterns.¶

The Jitter Seal does not claim to make simulation impossible, only to make it costly relative to genuine interaction. The forgery-cost-section provides quantified bounds on attack costs.¶

3.8.3. Attesting Environment Trust

The Jitter Seal relies on the Attesting Environment to accurately capture and report timing data. A compromised AE could fabricate jitter data. This is addressed by:¶

1. Hardware binding (hardware-section) for AE integrity¶
2. Calibration attestation for VDF speed verification¶
3. Clear documentation of AE trust assumptions in absence-claim structures (ae-trust-basis field)¶

Chain-verifiable claims (1-15) do not depend on AE trust beyond basic data integrity. Monitoring-dependent claims (16-63) explicitly document their AE trust requirements.¶

4.1.1. Algorithm Registry

The following VDF algorithms are defined:¶

Algorithm values 1-15 are reserved for iterated hash constructions. Values 16-31 are reserved for succinct VDF schemes. Values 32+ are available for future allocation.¶

4.1.2. Iterated Hash Construction

The iterated hash VDF computes:¶

output = H^n(input)

where H^n denotes n iterations of hash function H:
  H^0(x) = x
  H^n(x) = H(H^(n-1)(x))

Parameters for iterated hash VDFs:¶

iterated-hash-params = {
    1 => hash-algorithm,    ; hash-function
    2 => uint,              ; iterations-per-second
}

The iterations-per-second field records the calibrated performance of the Attesting Environment, enabling Verifiers to assess whether the claimed-duration is plausible for the iteration count.¶

Properties of iterated hash VDFs:¶

Verification Cost:

O(n) -- Verifier must recompute all iterations. This is acceptable for the iteration counts typical in authoring scenarios (10^6 to 10^9 iterations).¶

Parallelization Resistance:

Inherently sequential. Each iteration depends on the previous output. No known parallelization attack.¶

Hardware Acceleration:

SHA-256 acceleration (e.g., Intel SHA Extensions, ARM Cryptography Extensions) provides ~3-5x speedup over software. This is accounted for in calibration.¶

4.1.3. Succinct VDF Construction

Succinct VDFs ([Pietrzak2019], [Wesolowski2019]) provide O(log n) or O(1) verification time at the cost of larger proof size and more complex computation.¶

succinct-vdf-params = {
    10 => uint,             ; modulus-bits (e.g., 2048)
    ? 11 => uint,           ; security-parameter
}

Key set 10-19 disambiguates succinct params from iterated hash params (key set 1-9) without requiring a type tag.¶

Succinct VDFs are OPTIONAL and intended for scenarios where:¶

• Verification must complete in bounded time regardless of delay duration¶
• Evidence packets may contain very long VDF chains (millions of checkpoints)¶
• Third-party Verifiers cannot afford O(n) recomputation¶

When using succinct VDFs, the proof field contains the cryptographic proof of correct computation. For iterated hash VDFs, the proof field is empty (verification is by recomputation).¶

4.2.1. Checkpoint Entanglement

The VDF input for checkpoint N is computed as:¶

VDF_input{N} = H(
    VDF_output{N-1} ||      ; Previous VDF output
    content-hash{N} ||      ; Current document state
    jitter-commitment{N} || ; Captured behavioral entropy
    sequence{N}             ; Checkpoint sequence number
)

For the genesis checkpoint (N = 0):¶

VDF_input{0} = H(
    session-entropy ||      ; Random 256-bit session seed
    content-hash{0} ||      ; Initial document state
    jitter-commitment{0} ||
    0x00000000              ; Sequence zero
)

This construction ensures that:¶

1. Sequential Dependency:¶

   VDF_output{N} cannot be computed without VDF_output{N-1}. The chain is inherently sequential.¶

2. Content Binding:¶

   Each VDF output is bound to a specific document state. Changing the content invalidates all subsequent VDF proofs.¶

3. Jitter Binding:¶

   The behavioral entropy commitment is entangled with the VDF, as detailed in Section 3.3.¶

4. No Precomputation:¶

   The adversary cannot precompute VDF outputs because the input depends on runtime values (content, jitter) that are unknown until the checkpoint is created.¶

4.2.2. Temporal Ordering Without Trusted Time

The causality property provides relative temporal ordering without relying on trusted timestamps:¶

Relative Ordering:

Checkpoint N necessarily occurred after checkpoint N-1, because VDF_input{N} requires VDF_output{N-1}.¶

Minimum Elapsed Time:

The time between checkpoints N-1 and N is at least:¶

min_elapsed{N} = iterations{N} / calibration_rate

¶

where calibration_rate is the attested iterations-per-second for the device.¶

Cumulative Time Bound:

The total minimum time to produce the evidence packet is:¶

min_total = sum(iterations[i] / calibration_rate) for i = 0..N

¶

Absolute Time Binding:

External anchors (RFC 3161 timestamps, blockchain proofs) bind the checkpoint chain to absolute time. The VDF provides the ordering; anchors provide the epoch.¶

4.2.3. Backdating Resistance

An adversary attempting to backdate evidence must:¶

1. Generate content that produces the desired content-hash¶
2. Generate jitter data that produces valid entropy-commitment¶
3. Compute the VDF chain from the backdated checkpoint forward¶
4. Complete all of the above before any external anchor confirms a later checkpoint¶

The cost of step 3 grows linearly with the number of subsequent checkpoints and the iteration count per checkpoint. This cost is quantified in the forgery-cost-section.¶

Crucially, the adversary cannot parallelize step 3: VDF computation is inherently sequential. Even with unlimited computational resources, the adversary must wait for each VDF to complete before starting the next.¶

4.3.1. Attestation Structure

calibration-attestation = {
    1 => uint,              ; calibration-iterations
    2 => pop-timestamp,     ; calibration-time
    3 => cose-signature,    ; hw-signature
    4 => bstr,              ; device-nonce
    ? 5 => tstr,            ; device-model
}

calibration-iterations (key 1):

The number of VDF iterations completed in a 1-second calibration burst at session start.¶

calibration-time (key 2):

Timestamp when calibration was performed. SHOULD be within 24 hours of the first checkpoint.¶

hardware-signed attestation (key 3):

COSE_Sign1 signature over the calibration data, produced by hardware-bound keys (Secure Enclave, TPM, etc.).¶

device-nonce (key 4):

Random 256-bit value generated at calibration time. Prevents replay of calibration attestations across sessions.¶

device-model (key 5, optional):

Human-readable device identifier for reference purposes. Not used in verification.¶

4.3.2. Calibration Procedure

The Attesting Environment performs calibration as follows:¶

1. Generate Nonce:¶

   Generate a cryptographically random 256-bit device-nonce.¶

2. Initialize Timer:¶

   Record high-resolution start time T_start.¶

3. Execute Calibration Burst:¶

   Compute VDF iterations using the session's VDF algorithm, starting from H(device-nonce), until 1 second has elapsed.¶

4. Record Result:¶

   calibration-iterations = number of iterations completed.¶

5. Generate Attestation:¶

   Construct the attestation payload and sign with hardware-bound key.¶

The attestation payload for signing:¶

attestation-payload = CBOR({
    "alg": vdf-algorithm,
    "iter": calibration-iterations,
    "nonce": device-nonce,
    "time": calibration-time
})

4.3.3. Calibration Verification

A Verifier validates calibration attestation as follows:¶

1. Signature Verification:¶

   Verify the COSE_Sign1 signature using the device's public key (from hardware-section or certificate chain).¶

2. Nonce Uniqueness:¶

   Verify the device-nonce has not been seen in other sessions (optional, requires Verifier state).¶

3. Plausibility Check:¶

   Verify calibration-iterations falls within expected range for the device class:¶

   • Mobile devices: 10^5 - 10^7 iterations/second¶
   • Desktop/laptop: 10^6 - 10^8 iterations/second¶
   • Server-class: 10^7 - 10^9 iterations/second¶

4. Consistency Check:¶

   For each checkpoint, verify:¶

   claimed-duration >= iterations / (calibration-iterations * tolerance)
   

   ¶

   where tolerance accounts for measurement variance (RECOMMENDED: 1.1, i.e., 10% margin).¶

4.3.4. Trust Model

Calibration attestation relies on hardware-bound key integrity:¶

• With hardware attestation:¶

  The calibration rate is trustworthy to the extent that the hardware security module is trustworthy. An adversary cannot claim faster-than-actual calibration without compromising the HSM.¶

• Without hardware attestation:¶

  The calibration rate is self-reported by the Attesting Environment. The Verifier should apply conservative assumptions and may require external anchors for time verification.¶

The hardware-section documents whether hardware attestation is available and which platform is used.¶

4.4.1. Iterated Hash Verification

For iterated hash VDFs, verification requires recomputation:¶

1. Reconstruct Input:¶

   Compute VDF_input{N} from the checkpoint data using the entanglement formula in Section 4.2.1.¶

2. Recompute VDF:¶

   Execute iterations{N} hash iterations starting from VDF_input{N}.¶

3. Compare Output:¶

   Verify the computed output matches the claimed VDF_output{N}.¶

4. Verify Duration (if calibration present):¶

   Apply the consistency check from Section 4.3.3.¶

For large evidence packets, Verifiers MAY use sampling strategies:¶

• Verify first and last checkpoints fully¶
• Randomly sample intermediate checkpoints¶
• Verify chain linkage (prev-hash) for all checkpoints¶

4.4.2. Succinct VDF Verification

For succinct VDFs, verification uses the cryptographic proof:¶

1. Reconstruct Input:¶

   Compute VDF_input{N} as above.¶

2. Parse Proof:¶

   Decode the proof field according to the algorithm specification.¶

3. Verify Proof:¶

   Execute the algorithm-specific verification procedure ([Pietrzak2019] or [Wesolowski2019]).¶

4. Verify Duration:¶

   Apply calibration consistency check.¶

4.5.1. Migration Path

Evidence packets MAY contain checkpoints using different VDF algorithms. This enables migration scenarios:¶

• Upgrading from iterated-sha256 to iterated-sha3-256¶
• Transitioning from iterated hash to succinct VDF¶
• Adopting post-quantum secure constructions¶

Algorithm changes SHOULD occur at session boundaries. Within a session, algorithm consistency is RECOMMENDED for simplicity.¶

4.5.2. Post-Quantum Considerations

Current VDF constructions have varying post-quantum security:¶

Iterated Hash (SHA-256, SHA3-256):

Grover's algorithm provides quadratic speedup for preimage attacks. This affects collision resistance but not the sequential computation property. The VDF remains secure with doubled iteration counts.¶

RSA-based ([Pietrzak2019], [Wesolowski2019]):

Vulnerable to Shor's algorithm. Not recommended for long-term evidence that must remain verifiable in a post-quantum era.¶

Class-group based:

Based on class group computations in imaginary quadratic fields. Quantum security is less well understood but believed to be stronger than RSA.¶

For evidence intended to remain valid for decades, iterated hash VDFs are RECOMMENDED.¶

4.6.1. Hardware Acceleration Attacks

An adversary with specialized hardware (ASICs, FPGAs) may compute VDF iterations faster than the calibrated rate. Mitigations:¶

• Calibration Reflects Actual Hardware:¶

  Calibration is performed on the actual device, so the calibration rate already accounts for any acceleration available to the Attester.¶

• Asymmetric Advantage Limited:¶

  SHA-256 is widely optimized. The speedup from custom hardware over commodity CPUs with SHA extensions is typically less than 10x.¶

• Economic Analysis:¶

  The forgery-cost-section quantifies the cost of acceleration attacks in terms of hardware investment and time.¶

4.6.2. Parallelization Resistance

VDFs are designed to resist parallelization:¶

Iterated Hash:

Each iteration depends on the previous output. No parallelization is possible without breaking the hash function's preimage resistance.¶

Succinct VDFs:

Based on repeated squaring in groups with unknown order. Parallelization would require factoring the modulus (RSA-based) or solving the class group order problem (class-group based).¶

The key insight: an adversary with P processors cannot compute the VDF P times faster. The best known attacks provide negligible parallelization advantage.¶

4.6.3. Time-Memory Tradeoffs

For iterated hash VDFs, an adversary might attempt to precompute and store intermediate values:¶

• Rainbow Tables:¶

  Precomputing H^n(x) for many x values. Mitigated by the unpredictable VDF input (includes content hash and jitter commitment).¶

• Checkpoint Tables:¶

  Storing every k-th intermediate value during legitimate computation. Enables faster recomputation from nearby checkpoints but does not help with backdating attacks (which require computing from a specific starting point).¶

No practical time-memory tradeoff significantly reduces the sequential computation requirement.¶

4.6.4. Calibration Attacks

Attacks on the calibration system:¶

Throttled Calibration:

Adversary intentionally slows device during calibration to report lower iterations-per-second, then computes VDFs faster than claimed.¶

Mitigation: Plausibility checks based on device class. Anomalously slow calibration for a known device model triggers Verifier skepticism.¶

Calibration Replay:

Adversary reuses calibration attestation from a slower device.¶

Mitigation: Device-nonce binds calibration to session. Hardware signature binds to specific device key.¶

Device Key Compromise:

Adversary extracts hardware-bound signing key.¶

Mitigation: Hardware security modules are designed to resist key extraction. This attack requires physical access and significant resources.¶

4.6.5. Timing Side Channels

VDF computation timing may leak information:¶

• Iteration Count Inference:¶

  Network observers may infer iteration counts from checkpoint timing. This reveals only what is already public in the evidence packet.¶

• Content Inference:¶

  VDF computation time is independent of content (fixed iteration count per checkpoint). No content leakage through timing.¶

VDF implementations SHOULD use constant-time hash operations where available, though timing variations in VDF computation itself do not compromise security.¶

5.1.1. The Value of Bounded Claims

Traditional evidence systems focus on positive claims: "X happened at time T." Absence proofs extend this to negative claims: "X did not exceed threshold Y during interval (T1, T2)."¶

The value of bounded claims lies in their falsifiability:¶

Positive Claim:

"The author typed this document" -- difficult to verify, requires trust in the entire authoring environment.¶

Bounded Negative Claim:

"No single edit added more than 500 characters" -- verifiable directly from the checkpoint chain without additional trust assumptions.¶

Bounded claims shift the burden of proof: instead of claiming what DID happen (which requires comprehensive monitoring), we claim what did NOT happen (which can be bounded by observable evidence).¶

5.1.2. Inherent Limits of Negative Evidence

Absence proofs have fundamental limitations that MUST be clearly communicated:¶

• Monitoring Gaps:¶

  Absence claims are valid only during monitored intervals. Gaps in monitoring create gaps in absence guarantees.¶

• Trust Boundaries:¶

  Some absence claims require trust in the Attesting Environment (AE). This trust must be explicitly documented.¶

• Threshold Semantics:¶

  "No paste above 500 characters" does not imply "no paste." Claims are bounded, not absolute.¶

• Behavioral Consistency, Not Authorship:¶

  Absence claims describe observable behavioral patterns, NOT authorship, intent, or cognitive processes. They document consistency between declared process and observable evidence.¶

5.2.1. Chain-Verifiable Claims (1-15)

Chain-verifiable claims can be verified by any party with access to the Evidence packet. No trust in the Attesting Environment is required beyond basic data integrity. These claims are derived purely from the checkpoint chain structure.¶

A Verifier can independently confirm these claims by:¶

1. Parsing the checkpoint chain¶
2. Verifying chain integrity (hashes, MACs, VDF linkage)¶
3. Computing the relevant metrics from checkpoint data¶
4. Comparing against the claimed thresholds¶

No interaction with the Attester or trust in its monitoring capabilities is needed.¶

5.2.2. Monitoring-Dependent Claims (16-63)

Monitoring-dependent claims require trust that the Attesting Environment correctly observed and reported specific events. These claims cannot be verified from the checkpoint chain alone because they depend on real-time monitoring of events external to the document state.¶

For monitoring-dependent claims, the Verifier must assess:¶

1. Whether the AE had the capability to observe the relevant events (clipboard access, process enumeration, etc.)¶
2. Whether the AE was operating with integrity during the monitoring period¶
3. Whether monitoring was continuous or had gaps¶
4. What attestation (if any) supports the AE integrity claim¶

The ae-trust-basis structure documents these trust assumptions explicitly, enabling informed Relying Party decisions.¶

5.2.3. Trust Model Comparison

5.3.1. Verification Details

For each chain-verifiable claim, the Verifier performs:¶

verify_chain_claim(evidence, claim):
    (1) Verify chain integrity first
    if not verify_chain_hashes(evidence.checkpoints):
        return INVALID("Chain integrity failure")
    if not verify_vdf_linkage(evidence.checkpoints):
        return INVALID("VDF linkage failure")

    (2) Compute the metric from checkpoint data
    observed_value = compute_metric(evidence.checkpoints, claim.type)

    (3) Compare against threshold
    match claim.type:
        case MAX_SINGLE_DELTA_CHARS:
            passes = (observed_value <= claim.threshold)
        case MIN_VDF_DURATION_SECONDS:
            passes = (observed_value >= claim.threshold)

    (4) Return verification result
    if passes:
        return PROVEN(observed_value, claim.threshold)
    else:
        return FAILED(observed_value, claim.threshold)

The key property: verification depends ONLY on cryptographically verifiable checkpoint data, not on any external monitoring claims by the AE.¶

5.4.1. Trust Basis Documentation

Each monitoring-dependent claim MUST include an ae-trust-basis structure that documents the trust assumptions:¶

ae-trust-basis = {
    1 => ae-trust-target,   ; trust-target
    2 => tstr,              ; justification
    3 => bool,              ; verified
}

ae-trust-target = &(
    witnessd-software-integrity: 1,
    os-reported-events: 2,
    application-reported-events: 3,
    tpm-attested-elsewhere: 16,
    se-attested-elsewhere: 17,
    unverified-assumption: 32,
)

witnessd-software-integrity (1):

Trust that the witnessd software itself is unmodified and correctly implements monitoring. Requires software attestation or code signing verification.¶

os-reported-events (2):

Trust that the operating system correctly reports events (clipboard, process list, file access). Requires OS integrity.¶

application-reported-events (3):

Trust that the authoring application correctly reports events. Weakest trust level; application may be compromised.¶

tpm-attested-elsewhere (16):

TPM attestation of the AE state exists in the hardware-section. Cross-reference for verification.¶

se-attested-elsewhere (17):

Secure Enclave attestation of the AE state exists in the hardware-section. Cross-reference for verification.¶

unverified-assumption (32):

The claim is based on assumptions that cannot be verified. Relying Party must decide whether to accept based on context.¶

The justification field provides human-readable explanation of why the trust basis is believed adequate. The verified field indicates whether the trust basis was cryptographically verified (true) or merely assumed (false).¶

5.5.1. Coverage Fields

keyboard-monitored (key 1):

Boolean indicating whether keyboard input events were monitored during the session. If false, claims about typing patterns (20-22) cannot be made.¶

clipboard-monitored (key 2):

Boolean indicating whether clipboard operations were monitored. If false, claims about paste events (16-18) cannot be made.¶

monitoring-intervals (key 3):

Array of time intervals during which monitoring was active. Gaps between intervals represent periods where monitoring was suspended (application backgrounded, system sleep, etc.).¶

coverage-fraction (key 4):

Fraction of total session time covered by monitoring, calculated as sum(interval_duration) / total_session_duration. Values below 0.95 indicate significant monitoring gaps that may affect absence claim confidence.¶

monitoring-attestation (key 5, optional):

Hardware attestation that monitoring was active during the claimed intervals. Provides stronger assurance than self-reported coverage.¶

5.5.2. Gap Semantics

Monitoring gaps have explicit semantic impact on absence claims:¶

• Covered Intervals:¶

  Absence claims apply fully during covered intervals. "No paste above 500 chars during (T1, T2)" means the AE would have detected any such paste.¶

• Gap Intervals:¶

  During gaps, monitoring-dependent claims cannot be made. An event could have occurred unobserved.¶

• Gap-Aware Claims:¶

  If coverage-fraction is below 1.0, absence claims SHOULD include a caveat noting the monitoring gap percentage.¶

Chain-verifiable claims (1-15) are NOT affected by monitoring gaps because they are derived from the checkpoint chain, which has no gaps (checkpoint-chain-complete verifies this).¶

5.6.1. Confidence Levels

proven (1):

The claim is cryptographically provable from the Evidence. Only chain-verifiable claims (1-15) can achieve this level.¶

high (2):

Strong evidence supports the claim. For monitoring-dependent claims, requires hardware attestation of AE integrity and high monitoring coverage (>95%).¶

medium (3):

Reasonable evidence supports the claim. AE integrity is assumed but not hardware-attested. Monitoring coverage is acceptable (>80%).¶

low (4):

Weak evidence supports the claim. Significant caveats apply. Monitoring gaps exist or AE trust basis is unverified.¶

5.7.1. Step 1: Verify Chain-Verifiable Claims

For claims with type 1-15:¶

1. Verify Evidence Integrity:¶

   Verify checkpoint chain hashes, VDF linkage, and structural validity per the base protocol.¶

2. Extract Metrics:¶

   Compute the relevant metric from checkpoint data (e.g., max delta chars, total VDF duration).¶

3. Compare Threshold:¶

   Verify the computed metric satisfies the claimed threshold.¶

4. Assign Confidence:¶

   Chain-verifiable claims that pass receive confidence level "proven" (1).¶

5.7.2. Step 2: Appraise Monitoring-Dependent Claims

For claims with type 16-63:¶

1. Assess AE Trust Basis:¶

   Examine the ae-trust-basis for each claim. Determine whether the trust target is appropriate for the claim type and whether it was verified.¶

2. Evaluate Monitoring Coverage:¶

   Check monitoring-coverage to determine whether the relevant monitoring was active. Verify coverage-fraction is adequate for the confidence level claimed.¶

3. Cross-Reference Hardware Attestation:¶

   If ae-trust-target is tpm-attested-elsewhere (16) or se-attested-elsewhere (17), verify the corresponding attestation exists in hardware-section.¶

4. Evaluate Evidence:¶

   Examine the absence-evidence for supporting data. Statistical tests should have appropriate p-values; attestation references should be verifiable.¶

5. Assign Confidence:¶

   Based on the above factors, assign confidence level (2-4). Level 1 (proven) is NOT available for monitoring-dependent claims.¶

6. Document Caveats:¶

   Record any limitations or assumptions in the caveats array of the verification result.¶

5.7.3. Step 3: Produce Verification Summary

The Verifier produces a result-claim for each absence-claim examined:¶

result-claim = {
    1 => uint,                ; claim-type
    2 => bool,                ; verified (claim holds)
    ? 3 => tstr,              ; detail (reasoning)
    ? 4 => confidence-level,  ; claim-confidence
}

The aggregated results appear in the attestation-result (.war file) as the verified-claims array.¶

5.8.1. Role Distribution

Attester Responsibility:

The Attester (witnessd AE) generates absence claims based on its monitoring observations. For chain-verifiable claims, the Attester merely assembles checkpoint data in a format that enables Verifier computation. For monitoring-dependent claims, the Attester makes assertions about events it observed (or did not observe).¶

Verifier Responsibility:

The Verifier independently verifies chain-verifiable claims by recomputing metrics from Evidence. For monitoring-dependent claims, the Verifier appraises the trust basis and determines whether to accept the Attester's monitoring assertions.¶

Relying Party Responsibility:

The Relying Party consumes the attestation-result (.war file) and decides whether the verified claims meet their requirements. Different use cases may require different confidence levels or claim types.¶

5.8.2. Evidence Model Extension

Standard RATS evidence attests to system state (software versions, configuration). Absence proofs add a new category:¶

State Evidence (traditional RATS):

"The system was in configuration C at time T."¶

Behavioral Consistency Evidence (absence proofs):

"Observable behavior during interval (T1, T2) was consistent with constraint X."¶

This extension enables attestation about processes, not just states. The checkpoint chain provides the evidentiary basis for process claims that would otherwise require continuous trusted monitoring.¶

5.8.3. Appraisal Policy Integration

Verifiers MAY define appraisal policies that specify:¶

• Which absence claim types are required for acceptance¶
• Minimum confidence levels for each claim type¶
• Required trust basis for monitoring-dependent claims¶
• Minimum monitoring coverage thresholds¶

Example policy (informative):¶

policy:
  required_claims:
    - type: 1   # max-single-delta-chars
      threshold: 500
      min_confidence: proven
    - type: 4   # min-vdf-duration-seconds
      threshold: 3600
      min_confidence: proven
    - type: 16  # max-paste-event-chars
      threshold: 200
      min_confidence: high
      required_trust_basis: (1, 16, 17)  (SE or TPM attested)
  min_monitoring_coverage: 0.95

5.9.1. What Absence Claims Do NOT Prove

Absence claims have explicit limits that MUST be understood by all parties:¶

Absence claims do NOT prove authorship:

"No single edit added more than 500 characters" does not prove who performed the edits. It proves only that the observable edit pattern had this property.¶

Absence claims do NOT prove intent:

"No paste from AI tool detected" does not prove the author intended to write without AI assistance. The author may have used AI tools in ways that evade detection.¶

Absence claims do NOT prove cognitive process:

Behavioral patterns consistent with human typing do not prove human cognition produced the content. The claims describe observable behavior, not mental states.¶

Absence claims do NOT prove completeness:

Claims apply only to monitored intervals. Events during monitoring gaps are not covered by absence claims.¶

Framing claims as "behavioral consistency" rather than "human authorship" avoids overclaiming and maintains intellectual honesty about what the evidence actually shows.¶

5.9.2. Attesting Environment Compromise

Monitoring-dependent claims are only as trustworthy as the Attesting Environment:¶

• Software Compromise:¶

  Modified witnessd software could fabricate monitoring observations. Mitigated by code signing and software attestation.¶

• OS Compromise:¶

  Compromised OS could report false clipboard contents or process lists. Mitigated by hardware attestation of OS integrity.¶

• Hardware Compromise:¶

  Physical access to device could enable hardware-level attacks. This is outside the threat model for most use cases.¶

The ae-trust-basis structure explicitly documents which trust assumptions apply, enabling Relying Parties to make informed decisions about acceptable risk.¶

5.9.3. Monitoring Evasion

Sophisticated adversaries may attempt to evade monitoring:¶

Timing-Based Evasion:

Performing prohibited actions during monitoring gaps. Mitigated by high coverage requirements and gap documentation.¶

Tool-Based Evasion:

Using tools not in the detection list (e.g., novel AI tools). The claim "no-concurrent-ai-tool" refers to known tools; unknown tools may evade detection.¶

Channel-Based Evasion:

Using alternative input channels (screen readers, accessibility features) not monitored by the AE. Mitigated by comprehensive input monitoring.¶

Simulation:

Generating input patterns that mimic human behavior. The jitter-seal and VDF mechanisms make this costly but not impossible. See forgery-cost-section.¶

Absence proofs do not claim to make evasion impossible, only to make it costly and to document the monitoring coverage that was actually achieved.¶

5.9.4. Statistical Claim Limitations

Claims based on statistical inference (proof-method 5) have inherent uncertainty:¶

• p-values indicate probability, not certainty¶
• Multiple testing increases false positive risk¶
• Adversarial inputs may exploit statistical assumptions¶

Statistical claims SHOULD be assigned confidence level "medium" (3) or "low" (4) unless supported by additional evidence.¶

6.1.1. Cost-Asymmetric Forgery

The design goal is cost asymmetry: producing genuine evidence should be inexpensive (a natural byproduct of authoring), while producing counterfeit evidence should require resources disproportionate to any benefit gained.¶

Cost asymmetry is achieved through three mechanisms:¶

Time Asymmetry (VDF):

Genuine evidence accumulates VDF proofs during natural authoring time. Forgery requires recomputing the VDF chain, which cannot be parallelized. The adversary must spend wall-clock time proportional to the claimed authoring duration.¶

Entropy Asymmetry (Jitter Seal):

Genuine evidence captures behavioral entropy that exists only at the moment of observation. Forgery requires either guessing the entropy commitment (computationally infeasible) or simulating human input patterns in real time (bounded by the same VDF constraints).¶

Economic Asymmetry (Resource Cost):

The combined time and entropy requirements translate to economic costs. Forging evidence for a 10-hour authoring session requires at minimum 10 hours of compute time plus specialized resources, making mass forgery economically impractical.¶

6.1.2. What Forgery Cost Bounds Do NOT Claim

Forgery cost bounds explicitly avoid claims that evidence is:¶

• Unforgeable: Given sufficient resources, any evidence can be forged. The bounds quantify "sufficient."¶
• Guaranteed authentic: Bounds express minimum forgery costs, not maximum. Cheaper attacks may exist that have not been discovered.¶
• Irrefutable proof: Evidence supports claims with quantified confidence, not mathematical certainty.¶
• Permanent: Cost bounds depreciate as hardware improves. Evidence verified today may have different bounds when re-evaluated in the future.¶

6.3.1. Field Definitions

total-iterations (key 1):

Sum of all VDF iterations across all checkpoints in the evidence packet, computed as sum(checkpoint{i}.vdf-proof.iterations) for all i.¶

calibration-rate (key 2):

The attested iterations-per-second from the calibration attestation. This represents the maximum VDF computation speed on the Attesting Environment's hardware.¶

reference-hardware (key 3):

Human-readable description of the hardware used for calibration (e.g., "Apple M2 Pro", "Intel i9-13900K"). Used for plausibility assessment, not verification.¶

min-recompute-seconds (key 4):

Minimum wall-clock seconds required to recompute the VDF chain on reference hardware, calculated as total-iterations / calibration-rate. This is a lower bound: actual recomputation on slower hardware takes longer.¶

parallelizable (key 5):

Boolean indicating whether the VDF algorithm permits parallelization. For iterated hash VDFs (algorithms 1-15), this is always false. For certain succinct VDF constructions, limited parallelization may be possible.¶

max-parallelism (key 6, optional):

If parallelizable is true, the maximum parallel speedup factor. For iterated hash VDFs, this field is absent.¶

6.3.2. Time Bound Verification

A Verifier computes and validates the time bound as follows:¶

1. Sum Iterations:¶

   Traverse all checkpoints and sum the iterations field from each VDF proof.¶

2. Verify Calibration:¶

   If calibration attestation is present, verify the hardware signature and check that calibration-rate matches the attested iterations-per-second.¶

3. Compute Minimum Time:¶

   Divide total-iterations by calibration-rate. Verify the result matches min-recompute-seconds within floating-point tolerance.¶

4. Plausibility Check:¶

   Verify min-recompute-seconds is consistent with the claimed authoring duration. Significant discrepancy (e.g., 10-hour claimed session with 1-minute VDF time) indicates either misconfiguration or potential manipulation.¶

6.3.3. Parallelization Resistance

The security of time bounds depends on VDF parallelization resistance. For iterated hash VDFs:¶

• Each iteration depends on the previous output¶
• No known technique computes H^n(x) faster than n sequential hash operations¶
• An adversary with P processors cannot compute the chain P times faster¶

This property ensures that time bounds reflect wall-clock time, not aggregate compute time. An adversary with a data center cannot forge 10 hours of evidence in 10 minutes by using 60x more processors.¶

See Section 4.6.2 for detailed analysis of parallelization resistance in each VDF algorithm.¶

6.4.1. Field Definitions

total-entropy-bits (key 1):

Aggregate entropy across all Jitter Seals in the evidence packet, expressed in bits. Computed as sum(jitter-summary[i].estimated-entropy-bits) for all i.¶

sample-count (key 2):

Total number of timing samples captured across all Jitter Seals. Higher sample counts increase confidence in the entropy estimate.¶

entropy-per-sample (key 3):

Average entropy contribution per timing sample, calculated as total-entropy-bits / sample-count. Typical human typing contributes 2-4 bits per inter-key interval.¶

brute-force-probability (key 4):

Probability of successfully guessing the entropy commitment by brute force, calculated as 2^(-total-entropy-bits). For 64 bits of entropy, this is approximately 5.4 x 10^-20.¶

replay-possible (key 5):

Boolean indicating whether Jitter Seal replay is theoretically possible. This is false when VDF entanglement is properly configured (entropy commitment appears in VDF input).¶

replay-prevention (key 6, optional):

Human-readable description of replay prevention mechanisms. Typical value: "VDF entanglement with prev-checkpoint binding".¶

6.4.2. Entropy Bound Verification

A Verifier computes and validates the entropy bound as follows:¶

1. Aggregate Entropy:¶

   Sum estimated-entropy-bits from each checkpoint's jitter-summary. Verify the total matches total-entropy-bits.¶

2. Count Samples:¶

   Sum sample-count from each jitter-summary. Verify consistency with the claimed sample-count.¶

3. Verify Entropy Estimates:¶

   If raw-intervals are disclosed, recompute the histogram and Shannon entropy. Verify consistency with the claimed entropy estimate.¶

4. Check Replay Prevention:¶

   Verify each entropy-commitment appears in the corresponding VDF input. If VDF entanglement is absent, set replay-possible to true.¶

5. Compute Brute-Force Probability:¶

   Calculate 2^(-total-entropy-bits) and verify it matches the claimed brute-force-probability within floating-point tolerance.¶

6.4.3. Minimum Entropy Requirements

RECOMMENDED minimum entropy thresholds by evidence tier:¶

Evidence packets failing to meet minimum entropy thresholds SHOULD be flagged in the security-statement caveats.¶

6.5.1. Field Definitions

cost-model-version (key 1):

Identifier for the cost model used (e.g., "witnessd-cost-2025Q1"). Cost models are versioned because hardware prices and computational costs change over time.¶

cost-model-date (key 2):

Timestamp when the cost model was established. Cost estimates should be re-evaluated if the model is more than 12 months old.¶

compute-cost (key 3):

Cost of computational resources required to recompute the VDF chain. Includes:¶

• Cloud compute instance cost for min-recompute-seconds¶
• Electricity cost for sustained computation¶
• Amortized hardware cost if using dedicated equipment¶

time-cost (key 4):

Opportunity cost of the wall-clock time required for forgery. An adversary attempting to forge 10-hour evidence cannot use that time for other purposes. This is modeled as the economic value of the adversary's time.¶

total-min-cost (key 5):

Minimum total cost to forge the evidence, combining compute and time costs. This is the primary metric for cost-benefit analysis.¶

cost-per-hour-claimed (key 6):

Forgery cost normalized by claimed authoring duration, calculated as total-min-cost / claimed-duration-hours. This metric enables comparison across evidence packets of different lengths.¶

6.5.2. Cost Estimate Structure

Each cost-estimate includes a point estimate and confidence range:¶

usd (key 1):

Point estimate in US dollars. This is the expected cost under typical assumptions.¶

usd-low (key 2):

Lower bound of 90% confidence interval. Represents cost assuming adversary has access to discounted resources.¶

usd-high (key 3):

Upper bound of 90% confidence interval. Represents cost assuming adversary must acquire resources at market rates.¶

basis (key 4):

Human-readable description of the cost calculation basis (e.g., "AWS c7i.large @ $0.085/hr + $0.10/kWh electricity").¶

6.5.3. Cost Computation

Reference cost computation for compute-cost:¶

Compute cost model:
  hourly_rate = cloud_rate + elec_rate * power
  compute_hours = min_recompute_seconds / 3600
  compute_cost_usd = hourly_rate * compute_hours

Confidence interval (assumes 50% rate variance):
  compute_cost_low = compute_cost_usd * 0.5
  compute_cost_high = compute_cost_usd * 1.5

Reference cost computation for time-cost:¶

Time cost model (opportunity cost, skilled labor rate):
  hourly_value = 50.0
  time_cost_usd = hourly_value * (min_recompute_seconds / 3600)

Confidence interval (labor rate variance):
  time_cost_low = time_cost_usd * 0.2
  time_cost_high = time_cost_usd * 4.0

These are reference calculations. Implementations MAY use different cost models appropriate to their deployment context.¶

6.5.4. Cost Model Depreciation

Hardware costs decrease and computational speeds increase over time. Cost estimates depreciate accordingly:¶

• Moore's Law Effect:¶

  Compute cost per operation halves approximately every 2 years. A cost model from 2023 overestimates 2025 forgery costs by roughly 2x.¶

• Hardware Acceleration:¶

  New hardware (GPUs, ASICs) may provide step-function improvements for specific algorithms. Cost models should be updated when significant new hardware becomes available.¶

• Cloud Pricing:¶

  Cloud compute costs generally decrease over time. Cost models should reference current pricing.¶

Verifiers SHOULD apply a depreciation adjustment when evaluating cost bounds with cost-model-date more than 12 months in the past:¶

years_elapsed = (current_date - cost_model_date) / 365
depreciation_factor = 0.7 ^ years_elapsed  # ~30% annual decrease
adjusted_cost = original_cost * depreciation_factor

6.6.1. Field Definitions

claim (key 1):

Human-readable security claim. MUST be phrased as a minimum bound, not an absolute guarantee. Example:¶

"Forging this evidence requires at minimum 8.3 hours of sequential computation, 67 bits of entropy prediction, and an estimated $42-$126 in resources."¶

formal (key 2):

Machine-readable security bounds for automated policy evaluation.¶

assumptions (key 3):

List of assumptions under which the security claim holds. MUST include at minimum:¶

• Cryptographic assumption (e.g., "SHA-256 preimage resistance")¶
• Hardware assumption (e.g., "Calibration attestation is accurate")¶
• Adversary model (e.g., "Adversary cannot parallelize VDF computation")¶

caveats (key 4):

List of limitations or warnings about the security claim. Examples:¶

• "Cost estimates based on 2024Q4 cloud pricing"¶
• "Entropy estimate assumes timing samples are independent"¶
• "Does not protect against Attesting Environment compromise"¶

6.6.2. Formal Security Bound

The formal-security-bound provides three orthogonal minimum requirements for forgery:¶

min-seconds (key 1):

Minimum wall-clock seconds to forge the evidence. Derived from time-bound.min-recompute-seconds.¶

min-entropy-bits (key 2):

Minimum entropy bits an adversary must predict or generate. Derived from entropy-bound.total-entropy-bits.¶

min-cost-usd (key 3):

Minimum cost in USD to forge the evidence. Derived from economic-bound_total-min-cost_usd-low (conservative estimate).¶

Relying Parties can evaluate these bounds against their risk tolerance. For example, a policy might require:¶

Example Relying Party policy:
  accept_evidence if:
      min-seconds >= 3600        AND   (At least 1 hour)
      min-entropy-bits >= 64     AND   (At least 64 bits)
      min-cost-usd >= 100              (At least $100)

6.8.1. Assumed Adversary Capabilities

Forgery cost bounds assume an adversary with:¶

• Access to commodity hardware at market prices¶
• Ability to execute VDF algorithms correctly¶
• No ability to parallelize inherently sequential VDFs¶
• No ability to predict behavioral entropy in advance¶
• No compromise of the Attesting Environment during evidence generation¶

Bounds may not hold against adversaries who:¶

• Have access to specialized hardware (ASICs) at below-market cost¶
• Can compromise the Attesting Environment¶
• Discover novel attacks on VDF or hash function constructions¶
• Have access to quantum computers capable of breaking cryptographic assumptions¶

6.8.2. Limitations of Cost Bounds

Forgery cost bounds provide lower bounds, not guarantees:¶

Unknown Attacks:

The bounds assume current best-known attacks. Future cryptanalytic advances may reduce actual forgery costs.¶

Cost Model Accuracy:

Economic estimates depend on cost model assumptions. Actual adversary costs may differ based on resource access.¶

Entropy Estimation:

Shannon entropy estimates assume independent samples. Correlations in timing data may reduce effective entropy.¶

Calibration Trust:

Time bounds depend on calibration accuracy. Without hardware attestation, calibration is self-reported and may be manipulated.¶

6.8.3. What Bounds Do NOT Guarantee

Forgery cost bounds explicitly do NOT provide:¶

• Authenticity Proof:¶

  Evidence meeting cost thresholds is not proven authentic. It is proven expensive to forge. These are distinct claims.¶

• Content Verification:¶

  Bounds say nothing about document content, quality, or accuracy. Only the process evidence is bounded.¶

• Intent Attribution:¶

  Bounds do not prove who created the evidence or why. Identity and intent are outside the scope of cost analysis.¶

• Long-Term Security:¶

  Bounds depreciate over time. Evidence considered secure today may have insufficient bounds in 10 years.¶

6.8.4. Policy Guidance for Relying Parties

Relying Parties should establish policies based on:¶

1. Risk Assessment:¶

   What is the cost of accepting forged evidence? High-stakes decisions require higher cost thresholds.¶

2. Adversary Economics:¶

   Would forgery be economically rational? If forgery costs exceed potential gain, rational adversaries will not attempt it.¶

3. Time Sensitivity:¶

   How quickly must evidence be verified? Long verification delays may reduce the utility of cost bounds.¶

4. Corroborating Evidence:¶

   Cost bounds are one factor among many. External anchors, hardware attestation, and contextual information all contribute to overall confidence.¶

7.3.1. Parent Chain Hash Verification

For each provenance-link, if the parent Evidence packet is available:¶

1. Verify that parent-packet-id matches the packet-id field of the parent Evidence packet.¶
2. Verify that parent-chain-hash matches the checkpoint-hash of the final checkpoint in the parent Evidence packet.¶
3. Verify that the derivation timestamp is not earlier than the created timestamp of the parent packet.¶

If the parent Evidence packet is not available, the Verifier SHOULD note this limitation in the Attestation Result caveats. The provenance link remains valid but unverified.¶

7.3.2. Cross-Packet Attestation

When cross-packet-attestation is present, it provides cryptographic proof that the author of the current packet had access to the parent packet at the time of derivation:¶

cross-packet-attestation = COSE_Sign1(
    payload = CBOR_encode({
        1: current-packet-id,
        2: parent-packet-id,
        3: parent-chain-hash,
        4: derivation-timestamp,
    }),
    key = author-signing-key
)

This attestation prevents retroactive provenance claims where an author discovers an existing Evidence packet and falsely claims derivation after the fact.¶

7.5.1. Continuation Example

A dissertation written over 18 months with monthly Evidence exports:¶

provenance-section = {
  1: [  / parent-links /
    {
      1: h'550e8400e29b41d4a716446655440000',  / parent-packet-id /
      2: {1: 1, 2: h'abcd1234...'},            / parent-chain-hash /
      3: 1,                         / type: continuation /
      4: 1(1709251200),                        / Feb 2024 /
      5: "Continued from January 2024 export"
    }
  ],
  3: {  / metadata /
    1: "This is month 2 of an ongoing dissertation project",
    2: true  / all-parents-available /
  }
}

7.5.2. Merge Example

A collaborative paper merging contributions from three authors:¶

provenance-section = {
  1: [  / parent-links /
    {
      1: h'author1-packet-uuid...',
      2: {1: 1, 2: h'hash1...'},
      3: 2,  / merge /
      4: 1(1709337600),
      5: "Alice's methodology section"
    },
    {
      1: h'author2-packet-uuid...',
      2: {1: 1, 2: h'hash2...'},
      3: 2,  / merge /
      4: 1(1709337600),
      5: "Bob's results section"
    },
    {
      1: h'author3-packet-uuid...',
      2: {1: 1, 2: h'hash3...'},
      3: 2,  / merge /
      4: 1(1709337600),
      5: "Carol's introduction and discussion"
    }
  ],
  2: [  / derivation-claims /
    {1: 1, 2: 3, 3: "Structure from Alice's draft"},
    {1: 2, 2: 2, 3: "Content merged from all three"},
    {1: 4, 2: 4, 3: "Data primarily from Bob"}
  ]
}

8.4.1. Single Packet Verification

Each packet in a continuation series MUST be independently verifiable. A Verifier with access only to packet N can:¶

• Verify all checkpoint chain integrity within the packet.¶
• Verify all VDF proofs within the packet.¶
• Verify jitter bindings within the packet.¶
• Report the cumulative-summary as claimed (not proven without prior packets).¶

The Attestation Result SHOULD note that the packet is part of a series and whether prior packets were verified.¶

8.4.2. Full Series Verification

When all packets in a series are available, a Verifier MUST:¶

1. Verify each packet independently.¶
2. Verify that series-id is consistent across all packets.¶
3. Verify that packet-sequence values are consecutive starting from 0.¶
4. For each packet N > 0, verify that prev-packet-chain-hash matches the final checkpoint-hash of packet N-1.¶
5. For each packet N > 0, verify that the first checkpoint's VDF_input incorporates the previous packet's final VDF_output.¶
6. Verify that cumulative-summary values are consistent with the sum of individual packet statistics.¶

8.6.1. When to Export a Continuation Packet

Implementations SHOULD support configurable triggers for continuation packet export:¶

• Checkpoint count threshold: Export after N checkpoints (e.g., 1000).¶
• Time interval: Export weekly or monthly.¶
• Document size threshold: Export when document exceeds N characters.¶
• Manual trigger: User-initiated export.¶
• Milestone events: Export at chapter completion or version milestones.¶

8.6.2. Handling Gaps in Series

If a packet in a series is lost or unavailable:¶

• Subsequent packets remain independently verifiable.¶
• The cumulative-summary provides claimed totals but cannot be proven without all packets.¶
• Verifiers MUST note the gap in Attestation Results.¶
• Chain continuity verification fails at the gap but resumes for subsequent contiguous packets.¶

9.3.1. Weighted Average Model

The most common computation model, where each factor contributes proportionally to its weight:¶

confidence-score = sum(factor[i].weight * factor[i].normalized-score)
                   / sum(factor[i].weight)

Constraints:
  - sum(weights) SHOULD equal 1.0 for clarity
  - All normalized-scores are in [0.0, 1.0]
  - Resulting confidence-score is in [0.0, 1.0]

Example:
  vdf-duration:      weight=0.30, score=0.95, contribution=0.285
  jitter-entropy:    weight=0.25, score=0.80, contribution=0.200
  presence-rate:     weight=0.20, score=1.00, contribution=0.200
  chain-integrity:   weight=0.15, score=1.00, contribution=0.150
  hardware-attest:   weight=0.10, score=0.00, contribution=0.000

  confidence-score = 0.285 + 0.200 + 0.200 + 0.150 + 0.000 = 0.835

9.3.2. Minimum-of-Factors Model

A conservative model where the overall score is limited by the weakest factor:¶

confidence-score = min(factor[i].normalized-score for all i)

Use case: High-security contexts where all factors must be strong.

Example:
  vdf-duration:      score=0.95
  jitter-entropy:    score=0.80
  presence-rate:     score=1.00
  chain-integrity:   score=1.00
  hardware-attest:   score=0.00  <-- limiting factor

  confidence-score = 0.00

This model is appropriate when any weakness should disqualify the Evidence, such as forensic or legal contexts.¶

9.3.3. Geometric Mean Model

A balanced model that penalizes outliers more than weighted average but less than minimum:¶

confidence-score = (product(factor[i].normalized-score))^(1/n)

Example with 5 factors:
  scores = [0.95, 0.80, 1.00, 1.00, 0.60]
  product = 0.95 * 0.80 * 1.00 * 1.00 * 0.60 = 0.456
  confidence-score = 0.456^(1/5) = 0.838

9.4.1. Threshold Normalization

For factors with a minimum threshold:
  if raw_value >= threshold:
      normalized = 1.0
  else:
      normalized = raw_value / threshold

Example: vdf-duration with 3600s threshold
  raw_value = 2700s
  normalized = 2700 / 3600 = 0.75

9.4.2. Range Normalization

For factors with min/max range:
  normalized = (raw_value - min) / (max - min)
  normalized = clamp(normalized, 0.0, 1.0)

Example: typing-rate with acceptable range 20-200 WPM
  raw_value = 75 WPM
  normalized = (75 - 20) / (200 - 20) = 0.306

9.4.3. Binary Normalization

For pass/fail factors:
  normalized = 1.0 if present/valid else 0.0

Example: hardware-attestation
  TPM attestation present and valid: normalized = 1.0
  No hardware attestation: normalized = 0.0

10.4.1. Reference-Only Verification

Without fetching the full Evidence packet, a verifier can:¶

1. Verify the compact-signature is valid.¶
2. Identify the signer (author, verifier, or service).¶
3. Check that evidence-uri is from a trusted source.¶
4. Display the compact-summary to the user.¶

This provides basic assurance that Evidence exists and was attested by a known party, without full verification.¶

10.4.2. Full Verification via URI

For complete verification:¶

1. Fetch the Evidence packet from evidence-uri.¶
2. Verify that packet-id matches.¶
3. Verify that chain-hash matches the final checkpoint-hash.¶
4. Verify that document-hash matches the document-ref content-hash.¶
5. Perform full Evidence verification per this specification.¶
6. Verify that compact-summary values match the actual Evidence.¶

Discrepancies between the compact reference and the fetched Evidence MUST cause verification to fail.¶

10.5.1. CBOR Encoding

The native format is CBOR with the 0x50505021 tag. This is the most compact binary representation, suitable for:¶

• Binary metadata fields¶
• Protocol messages¶
• Database storage¶

Typical size: 150-250 bytes.¶

10.5.2. Base64 Encoding

For text-only contexts, the CBOR bytes are base64url-encoded:¶

pop-ref:2nQAAZD1UPAgowGQA...base64url...

The "pop-ref:" prefix enables detection and parsing. Typical size: 200-350 characters.¶

10.5.3. URI Encoding

A URI scheme for direct linking:¶

pop://verify.example.com/ref/2nQAAZD1UPAgowGQA...

Scheme: pop
Host: verification service
Path: /ref/{base64url-encoded-compact-ref}

Clicking/scanning the URI opens the verification service with the compact reference pre-loaded.¶

10.5.4. QR Code Encoding

For physical media, the URI or base64 encoding can be represented as a QR code:¶

• Version 6 QR (41x41): Sufficient for ~150 byte references¶
• Version 10 QR (57x57): Sufficient for ~300 byte references¶
• Error correction level M recommended for print durability¶

10.6.1. PDF Documents

XMP Metadata location:
  /x:xmpmeta/rdf:RDF/rdf:Description[@xmlns:pop]

Custom namespace:
  xmlns:pop="http://example.com/ns/pop/1.0/"

Properties:
  pop:evidenceRef     = base64url-encoded compact reference
  pop:evidenceURI     = full Evidence packet URI
  pop:verificationURI = verification service URI

10.6.2. Git Commits

Commit message footer:

  Pop-Evidence-Ref: pop-ref:2nQAAZD1UPAgowGQA...
  Pop-Evidence-URI: https://evidence.example.com/packets/abc123.pop

Git notes (alternative):
  git notes --ref=pop-evidence add -m "pop-ref:2nQAAZD1..."

10.6.3. Image Files

EXIF UserComment tag (0x9286):
  pop-ref:2nQAAZD1UPAgowGQA...

XMP (for formats supporting it):
  Same structure as PDF XMP

11.1.1. Adversary Goals

The specification defends against adversaries pursuing the following objectives:¶

Backdating Evidence:

Creating evidence that claims to document a process occurring earlier than it actually did. This attack is relevant when priority or timeline claims matter (e.g., intellectual property disputes, academic submissions with deadlines).¶

Fabricating Process:

Creating evidence for a document that was not actually authored through the claimed process. This includes generating evidence for documents created entirely by automated means, or evidence claiming gradual authorship for content that was produced in a single operation (paste, import, generation).¶

Transplanting Evidence:

Taking legitimate evidence from one authoring session and associating it with a different document. This attack attempts to transfer the credibility of genuine evidence to unrelated content.¶

Selective Disclosure:

Omitting checkpoints or evidence sections that would reveal unfavorable information (e.g., large paste operations, gaps in activity). This attack attempts to present a misleadingly favorable subset of the actual process.¶

11.1.2. Assumed Adversary Capabilities

The specification assumes adversaries have the following capabilities:¶

Software Control:

The adversary has full control over software running on their device, including the ability to modify or replace the Attesting Environment. They can intercept, modify, or fabricate any software-generated data.¶

Commodity Hardware Access:

The adversary can acquire commodity computing hardware at market prices. They may have access to cloud computing resources and can rent substantial computational capacity.¶

Bounded Compute Resources:

The adversary's computational resources are bounded by economic constraints. They cannot instantaneously compute arbitrarily large numbers of VDF iterations. The time required for sequential computation cannot be circumvented with additional resources.¶

Algorithm Knowledge:

The adversary has complete knowledge of all algorithms and protocols used by the specification. Security does not depend on obscurity; the specification is public.¶

Statistical Sophistication:

The adversary can perform statistical analysis and may attempt to generate synthetic behavioral data that passes statistical tests.¶

11.1.3. Out-of-Scope Adversaries

The specification explicitly does NOT defend against:¶

Nation-State Adversaries with HSM Compromise:

Adversaries capable of extracting keys from hardware security modules (TPM, Secure Enclave) through sophisticated physical attacks, side-channel analysis, or manufacturer compromise. Hardware attestation assumes HSM integrity.¶

Cryptographic Breakthrough:

Adversaries with access to novel cryptanalytic techniques that break SHA-256 collision resistance, ECDSA signature security, or other standard cryptographic primitives. The specification relies on established cryptographic assumptions.¶

Quantum Adversaries:

Adversaries with access to fault-tolerant quantum computers capable of executing Shor's algorithm (breaking RSA/ECDSA) or providing significant Grover speedups. Post-quantum considerations are noted in Section 4.5.2 but full quantum resistance is not claimed.¶

Time Travel:

Adversaries capable of creating evidence at one point in time and presenting it as if created earlier, where external anchors are not available or have been compromised. External timestamp authorities are trusted for absolute time claims.¶

Coerced Authors:

Adversaries who coerce legitimate authors into producing evidence under duress. The specification documents process, not intent or consent.¶

The exclusion of these adversaries is not a weakness but a recognition of practical threat modeling. Evidence systems appropriate for defending against nation-state actors would impose costs and constraints unsuitable for general authoring scenarios.¶

11.2.1. Hash Function Security

Hash functions are used throughout the specification for content binding, chain construction, entropy commitment, and VDF computation.¶

Required Properties:

• Collision Resistance:¶

  It must be computationally infeasible to find two distinct inputs that produce the same hash output. This property ensures that different document states produce different content-hash values.¶

• Preimage Resistance:¶

  Given a hash output, it must be computationally infeasible to find any input that produces that output. This property prevents adversaries from constructing documents that match a predetermined hash.¶

• Second Preimage Resistance:¶

  Given an input and its hash, it must be computationally infeasible to find a different input with the same hash. This property prevents document substitution attacks.¶

Algorithm Requirements:

SHA-256 is RECOMMENDED and MUST be supported by all implementations. SHA-3-256 SHOULD be supported for algorithm agility. Hash functions with known weaknesses (MD5, SHA-1) MUST NOT be used.¶

Security Margin:

SHA-256 provides 128-bit security against collision attacks and 256-bit security against preimage attacks under classical assumptions. Grover's algorithm reduces these to 85-bit and 128-bit respectively under quantum assumptions. This margin is considered adequate for the specification's threat model.¶

11.2.2. Signature Security

Digital signatures are used for checkpoint chain authentication, hardware attestation, calibration binding, and Attestation Result integrity.¶

COSE Algorithm Requirements:

Implementations MUST support COSE algorithm identifiers:¶

• ES256 (ECDSA with P-256 and SHA-256): MUST support¶
• ES384 (ECDSA with P-384 and SHA-384): SHOULD support¶
• EdDSA (Ed25519): SHOULD support¶

RSA-based algorithms (PS256, RS256) MAY be supported for compatibility with legacy systems but are not recommended for new implementations due to larger signature sizes and post-quantum vulnerability.¶

Key Size Requirements:

Minimum key sizes for 128-bit security:¶

• ECDSA: P-256 curve or larger¶
• EdDSA: Ed25519 or Ed448¶
• RSA: 3072 bits or larger¶

Signature Binding:

Signatures MUST bind to the complete payload being signed. Partial payload signatures (signing a subset of fields) create opportunities for field substitution attacks. The chain-mac field provides additional binding beyond the checkpoint signature.¶

11.2.3. VDF Security

Verifiable Delay Functions provide the temporal security foundation of the specification. VDF security rests on the sequential computation requirement.¶

Sequential Computation:

The VDF output cannot be computed significantly faster than the specified number of sequential operations. For iterated hash VDFs, this reduces to the assumption that no algorithm computes H^n(x) faster than n sequential hash evaluations. No such algorithm is known for cryptographic hash functions.¶

Parallelization Resistance:

Additional computational resources (more processors, GPUs, ASICs) cannot reduce the wall-clock time required for VDF computation. The iterated hash construction is inherently sequential: each iteration depends on the previous output.¶

See Section 4.6.2 for detailed analysis.¶

Verification Soundness:

For iterated hash VDFs, verification is by recomputation. The Verifier executes the same computation and compares results. This provides perfect soundness: a claimed output that differs from the actual computation will always be detected.¶

For succinct VDFs ([Pietrzak2019], [Wesolowski2019]), verification relies on the cryptographic hardness of the underlying problem (RSA group or class group). Soundness is computational rather than perfect.¶

11.2.4. Key Management

Proper key management is essential for maintaining evidence integrity.¶

Hardware-Bound Keys:

When available, signing keys SHOULD be bound to hardware security modules (TPM, Secure Enclave). Hardware binding provides:¶

• Key non-exportability: Private keys cannot be extracted from the device¶
• Device binding: Evidence can be tied to a specific physical device¶
• Tamper resistance: Key compromise requires physical attack¶

Session Keys:

The checkpoint-chain-key used for chain-mac computation SHOULD be derived uniquely for each session. Key derivation SHOULD use HKDF (RFC 5869) with domain separation:¶

chain-key = HKDF-SHA256(
    salt = session-entropy,
    ikm = device-master-key,
    info = "witnessd-chain-v1" || session-id
)

¶

Key Rotation:

Device keys SHOULD be rotated periodically (RECOMMENDED: annually) or upon suspected compromise. Evidence packets created with revoked keys SHOULD be flagged during verification.¶

11.3.1. What the AE Is Trusted For

The AE is trusted to perform accurate observation and honest reporting of the specific data it captures:¶

Accurate Timing Measurement:

The AE is trusted to accurately measure inter-keystroke intervals and other timing data. This does not require trusting the content of keystrokes, only the timing between events.¶

Correct Hash Computation:

The AE is trusted to correctly compute cryptographic hashes of document content. Verification can detect incorrect hashes, but cannot detect if the AE computed a hash of different content than claimed.¶

VDF Execution:

The AE is trusted to actually execute VDF iterations rather than fabricating outputs. This trust is partially verifiable: VDF outputs can be recomputed, but the claimed timing cannot be independently verified without calibration attestation.¶

Monitoring Events (for monitoring-dependent claims):

For claims in the monitoring-dependent category (types 16-63), the AE is trusted to have actually observed and reported the events (or non-events) it claims. This trust is documented in the ae-trust-basis field.¶

11.3.2. What the AE Is NOT Trusted For

The specification explicitly does NOT rely on AE trust for the following:¶

Content Judgment:

The AE makes no claims about document quality, originality, accuracy, or appropriateness. Evidence documents process, not content merit.¶

Intent Inference:

The AE makes no claims about why the author performed specific actions, what the author was thinking, or whether the author intended to deceive. Evidence documents observable behavior, not mental states.¶

Authorship Attribution:

The AE makes no claims about who was operating the device. The evidence shows that input events occurred on a device; it does not prove that a specific individual produced those events.¶

Cognitive Process:

Behavioral patterns consistent with human typing do not prove human cognition. An adversary could theoretically program input patterns that mimic human timing while the content originates elsewhere. The Jitter Seal makes this costly, not impossible.¶

11.3.3. Hardware Attestation Role

Hardware attestation increases AE trust by binding evidence to verified hardware:¶

[TPM2.0] (Linux, Windows):

Provides platform integrity measurement (PCRs), key sealing to platform state, and hardware-bound signing keys. TPM attestation proves that the AE was running on a specific device in a specific configuration.¶

Secure Enclave (macOS, iOS):

Provides hardware-bound key generation and signing operations. Keys generated in the Secure Enclave cannot be exported, binding signatures to the specific device.¶

Attestation Limitations:

Hardware attestation proves the signing key is hardware-bound; it does not prove the AE software is unmodified. Full AE integrity would require secure boot attestation and runtime integrity measurement, which are platform-specific and not universally available.¶

11.3.4. Compromised AE Scenarios

Understanding the impact of AE compromise is essential for risk assessment:¶

Modified AE Software:

An adversary running modified AE software can fabricate any monitoring-dependent claims (types 16-63). Chain-verifiable claims (types 1-15) remain bound by VDF computational requirements even with modified software.¶

Fake Calibration:

Modified software could report artificially slow calibration rates, making subsequent VDF computations appear to take longer than they actually did. This attack is mitigated by:¶

• Hardware-signed calibration attestation (when available)¶
• Plausibility checks based on device class¶
• External anchor cross-validation¶

Fabricated Jitter Data:

Modified software could generate synthetic timing data that mimics human patterns. The cost of this attack is bounded by:¶

• Real-time generation requirement (VDF entanglement)¶
• Statistical consistency across checkpoints¶
• Entropy threshold requirements¶

See Section 3.8.2 for quantified bounds on simulation attacks.¶

Mitigation Summary:

AE compromise cannot reduce the VDF computational requirement or bypass the sequential execution constraint. Compromise enables fabrication of monitoring data but does not eliminate the time cost of forgery. The forgery-cost-section quantifies the minimum resources required even with full software control.¶

11.4.1. Verifier Independence

Evidence verification is designed to be independent of the Attester:¶

No Shared State:

Verification requires no communication with or data from the Attester beyond the Evidence packet itself. A Verifier with only the .pop file can perform complete verification.¶

Adversarial Verification:

A skeptical Verifier can appraise Evidence without trusting any claims made by the Attester. All cryptographic proofs are included and can be recomputed independently.¶

Multiple Independent Verifiers:

Multiple Verifiers appraising the same Evidence should reach consistent results for chain-verifiable claims. Monitoring- dependent claims may receive different confidence assessments based on Verifier policies.¶

11.4.2. Sampling Strategies for Large Evidence Packets

Evidence packets may contain thousands of checkpoints. Full verification of all VDF proofs may be impractical. Verifiers MAY use sampling strategies:¶

Boundary Verification:

Always verify the first and last checkpoints fully. This confirms the chain endpoints.¶

Random Sampling:

Randomly select checkpoints for full VDF verification. If any sampled checkpoint fails, reject the entire Evidence. Probability of detecting a single invalid checkpoint with k samples from n checkpoints: 1 - (1 - 1/n)^k.¶

Chain Linkage Verification:

Verify prev-hash linkage for ALL checkpoints (computationally cheap). This ensures no checkpoints were removed or reordered.¶

Anchor-Bounded Verification:

If external anchors are present, prioritize verification of checkpoints adjacent to anchors. External timestamps bound the timeline at anchor points.¶

Sampling Disclosure:

Attestation Results SHOULD disclose the sampling strategy used and the number of checkpoints fully verified. Relying Parties can assess whether the sampling provides adequate confidence for their use case.¶

11.4.3. External Anchor Verification

External anchors (RFC 3161 timestamps, blockchain proofs) provide absolute time binding but introduce additional trust requirements:¶

Timestamp Authority Trust:

Timestamps per [RFC3161] require trust in the Time Stamping Authority (TSA). Verifiers SHOULD use TSAs with published policies and audit records. Multiple TSAs MAY be used for redundancy.¶

Blockchain Anchor Verification:

Blockchain-based anchors require access to blockchain data (directly or via APIs). Verifiers SHOULD verify:¶

• The transaction containing the anchor is confirmed¶
• Sufficient confirmations for the security level required¶
• The anchor commitment matches the expected checkpoint data¶

Anchor Freshness:

Anchors prove that Evidence existed at the anchor time; they do not prove Evidence was created at that time. An adversary could create Evidence, wait, then obtain an anchor. This is mitigated by anchor coverage requirements (multiple anchors throughout the session).¶

11.5.1. Replay Attack Prevention

Replay attacks attempt to reuse valid evidence components in invalid contexts. Multiple mechanisms prevent replay:¶

Nonce Binding:

Session entropy (random 256-bit seed) is incorporated into the genesis checkpoint VDF input. This prevents precomputation of VDF outputs before a session begins.¶

Chain Binding:

Each checkpoint includes prev-hash, binding it to the specific chain history. Checkpoints cannot be transplanted between chains without invalidating the hash linkage.¶

See Section 3.8.1 for jitter-specific replay prevention.¶

Sequence Binding:

Checkpoint sequence numbers MUST be strictly monotonic. Duplicate or out-of-order sequence numbers indicate manipulation.¶

Content Binding:

VDF inputs incorporate content-hash, binding temporal proofs to specific document states. Evidence for one document cannot be transferred to another without VDF recomputation.¶

11.5.2. Transplant Attack Prevention

Transplant attacks attempt to associate legitimate evidence from one context with content from another context:¶

Content-VDF Binding:

The VDF input includes content-hash:¶

VDF_input{N} = H(
    VDF_output{N-1} ||
    content-hash{N} ||
    jitter-commitment{N} ||
    sequence{N}
)

¶

Changing the document content requires recomputing all subsequent VDF proofs.¶

Jitter-VDF Binding:

The jitter-commitment is entangled with VDF input. Transplanting jitter data from another session is infeasible because it would require the original VDF output (which depends on different content) or recomputing the entire VDF chain with new jitter (which requires capturing new behavioral entropy in real time).¶

Chain MAC:

The chain-mac field HMAC-binds checkpoints to the session's chain-key:¶

chain-mac = HMAC-SHA256(
    key = chain-key,
    message = checkpoint-hash || sequence || session-id
)

¶

Without the chain-key, an adversary cannot construct valid chain-mac values for transplanted checkpoints.¶

11.5.3. Backdating Attack Costs

Backdating creates evidence claiming a process occurred earlier than it actually did. The cost of backdating is quantified by the VDF recomputation requirement:¶

VDF Recomputation:

To backdate evidence by inserting or modifying checkpoints at position P, the adversary must recompute all VDF proofs from position P forward. This requires:¶

backdate_time >= sum(iterations[i]) / adversary_vdf_rate
                 for i = P to N

¶

where N is the final checkpoint. Backdating by a significant amount (hours or days) requires proportional wall-clock time.¶

External Anchor Constraints:

If external anchors exist in the chain, backdating is constrained to the interval between anchors. An adversary cannot backdate before an anchor without also forging the external timestamp.¶

Cost Quantification:

The forgery-cost-section provides explicit cost bounds for backdating attacks, including compute costs, time costs, and economic estimates.¶

11.5.4. Omission Attack Prevention

Omission attacks selectively remove checkpoints to hide unfavorable evidence:¶

Sequence Verification:

Checkpoint sequence numbers MUST be consecutive. Missing sequence numbers indicate omission. Verifiers MUST reject chains with non-consecutive sequences.¶

Hash Chain Integrity:

Removing a checkpoint breaks the hash chain (subsequent checkpoint's prev-hash will not match). Repairing the chain requires recomputing all subsequent checkpoint hashes and VDF proofs.¶

Completeness Claims:

The checkpoint-chain-complete absence claim (type 6) explicitly asserts that no checkpoints were omitted. This claim is chain-verifiable.¶

11.6.1. Key Lifecycle Management

Key Generation:

Device keys SHOULD be generated within hardware security modules when available. Software-generated keys MUST use cryptographically secure random number generators.¶

Key Storage:

Private keys SHOULD be stored in platform-appropriate secure storage:¶

• macOS: Secure Enclave or Keychain¶
• Linux: TPM or system keyring¶
• Windows: TPM or DPAPI¶

Keys MUST NOT be stored in plaintext in the filesystem.¶

Key Rotation:

Organizations SHOULD establish key rotation policies. RECOMMENDED rotation interval: annually or upon personnel changes. Evidence packets created with revoked keys SHOULD receive reduced confidence scores.¶

Key Revocation:

Mechanisms for key revocation are outside the scope of this specification but SHOULD be considered for deployment. Certificate revocation lists (CRLs) or OCSP may be appropriate for managed environments.¶

11.6.2. Evidence Packet Storage and Transmission

Integrity Protection:

Evidence packets are self-protecting through cryptographic binding. Additional encryption is not required for integrity but MAY be applied for confidentiality.¶

Confidentiality Considerations:

Evidence packets contain document hashes and behavioral data. While content is not included, statistical information about the authoring process is present. Transmission over untrusted networks SHOULD use TLS 1.3 or equivalent.¶

Archival Storage:

Evidence packets intended for long-term storage SHOULD be:¶

• Stored with redundancy (multiple copies, geographic distribution)¶
• Protected against bit rot (checksums, error-correcting codes)¶
• Associated with necessary verification materials (public keys, anchor confirmations)¶

Retention Policies:

Organizations SHOULD establish retention policies balancing evidentiary value against privacy considerations. Jitter data has privacy implications; retention beyond the verification period may not be necessary or desirable.¶

11.6.3. Verifier Policy Considerations

Minimum Requirements:

Verifiers SHOULD establish minimum requirements for acceptable Evidence:¶

• Minimum evidence tier (Basic, Standard, Enhanced, Maximum)¶
• Minimum VDF duration relative to claimed authoring time¶
• Minimum entropy threshold¶
• Required absence claims for specific use cases¶

Confidence Thresholds:

Verifiers SHOULD define confidence thresholds for acceptance:¶

• Low-stakes: confidence >= 0.3 may be acceptable¶
• Standard: confidence >= 0.5 typical requirement¶
• High-stakes: confidence >= 0.7 recommended¶
• Litigation: confidence >= 0.8 with Maximum tier¶

Caveat Handling:

Verifiers SHOULD define how caveats affect acceptance decisions. Some caveats may be disqualifying for specific use cases (e.g., "no hardware attestation" may be unacceptable for high-stakes verification).¶

11.7.1. Attacks Not Protected Against

Collusion:

If the author and a third party collude (e.g., the author provides their device credentials to another person who types while the author is credited), the Evidence will show a legitimate-looking process. The specification documents observable behavior, not identity.¶

Pre-Prepared Content:

An author could slowly type pre-prepared content, creating Evidence of a gradual process for content that already existed. The specification documents that typing occurred, not that thinking occurred during typing.¶

External Input Devices:

Input from devices not monitored by the AE (e.g., hardware keystroke injectors, remote desktop from unmonitored machines) may not be distinguishable from local input. Hardware-level input verification is outside scope.¶

Social Engineering:

Attacks that manipulate Relying Parties into accepting inappropriate Evidence (e.g., convincing a reviewer that weak Evidence is sufficient) are outside scope.¶

11.7.2. The Honest Author Assumption

The specification fundamentally documents PROCESS, not INTENT:¶

Evidence Shows What Happened:

Evidence shows that input events occurred with specific timing patterns, that VDF computation required certain time, that document states changed in sequence. Evidence does not show why any of this happened.¶

Process != Cognition:

Evidence that an author typed content gradually does not prove the author thought of that content. The author could have been transcribing, copying from memory, or following dictation.¶

Behavioral Consistency:

The correct interpretation of Evidence is "behavioral consistency": the observable process was consistent with the claimed process. This is weaker than "authorship proof" but is verifiable and falsifiable.¶

11.7.3. Content-Agnostic By Design

The specification is deliberately content-agnostic:¶

No Semantic Analysis:

Evidence contains document hashes, not content. The specification makes no claims about what was written, only how it was written.¶

No Quality Assessment:

Evidence does not indicate whether content is good, original, accurate, or valuable. Strong Evidence can accompany poor content; excellent content can have weak Evidence.¶

No AI Detection:

The specification explicitly does NOT claim to detect whether content was "written by AI" or "written by a human" in terms of content origin. It documents the observable INPUT process, which is distinct from content generation.¶

Privacy Benefit:

Content-agnosticism is a privacy feature. Evidence can be verified without accessing the document content, enabling verification of confidential documents.¶

11.8.1. Comparison to Traditional Timestamping

Traditional timestamping ([RFC3161]) proves that a document existed at a point in time. Proof of Process provides additional properties:¶

Proof of Process is complementary to timestamping. External anchors (including RFC 3161 timestamps) provide absolute time binding that strengthens VDF-based relative ordering.¶

11.8.2. Comparison to Code Signing

Code signing attests to the identity of the signer and integrity of the signed artifact. Proof of Process serves different goals:¶

Code signing establishes "who signed this"; Proof of Process establishes "how this was created." The two could be combined for comprehensive provenance documentation.¶

11.8.3. Relationship to RATS Security Model

Proof of Process implements an application-specific profile of the RATS architecture [RFC9334]. Key security model alignments:¶

Evidence vs. Attestation Results:

The separation between .pop (Evidence) and .war (Attestation Result) files follows the RATS distinction. Evidence is produced by the Attester; Attestation Results by the Verifier.¶

Appraisal Policy:

RATS defines Appraisal Policy for Evidence as the Verifier's rules for evaluating Evidence. The absence-claim thresholds and confidence-level requirements serve this role in Proof of Process.¶

Background Check vs. Passport Model:

Proof of Process supports both RATS models. The "passport model" applies when the author obtains a .war file and presents it to Relying Parties. The "background check model" applies when the Relying Party verifies the .pop file directly or through a trusted Verifier.¶

Freshness:

RATS freshness mechanisms (nonces, timestamps) align with the session-entropy and external-anchor mechanisms in Proof of Process. VDF proofs provide an additional freshness dimension: evidence of elapsed time.¶

Endorsements and Reference Values:

Hardware attestation in the hardware-section corresponds to RATS Endorsements. Calibration data serves as Reference Values for VDF timing verification.¶

For RATS-specific security guidance, implementers should also consult the RATS security considerations in [RFC9334] Section 11.¶

11.9.1. Properties Provided

Tamper-Evidence:

Modifications to Evidence packets are detectable through cryptographic verification. The hash chain, VDF entanglement, and MAC bindings ensure that alteration invalidates the Evidence.¶

Cost-Asymmetric Forgery:

Producing counterfeit Evidence requires resources (time, compute, entropy generation) disproportionate to legitimate Evidence creation. The forgery-cost-section quantifies these requirements.¶

Independent Verifiability:

Evidence can be verified by any party without access to the original device, without trust in the Attester's infrastructure, and without network connectivity (except for external anchors).¶

Privacy by Construction:

Document content is never stored in Evidence. Behavioral data is aggregated before inclusion. The specification enforces privacy through structural constraints, not policy.¶

Temporal Ordering:

VDF chain construction provides unforgeable relative ordering of checkpoints. External anchors provide absolute time binding.¶

Behavioral Binding:

Jitter Seal entanglement binds captured behavioral entropy to the checkpoint chain, making Evidence transplantation infeasible.¶

11.9.2. Properties NOT Provided

Tamper-Proof:

Evidence CAN be forged given sufficient resources. The specification makes forgery costly, not impossible.¶

Identity Proof:

Evidence does NOT prove who operated the device. It proves that input events occurred on a device, not that a specific person produced them.¶

Intent Proof:

Evidence does NOT prove why actions occurred. Observable behavior is documented; mental states are not.¶

Content Origin Proof:

Evidence does NOT prove where ideas came from. The input process is documented; the cognitive source is not.¶

Absolute Certainty:

All security properties are bounded by explicit assumptions. No claim is made to be absolute, irrefutable, or guaranteed.¶

12.1.1. No Document Content Storage

Evidence packets contain cryptographic hashes of document states, never the document content itself. This is a structural invariant:¶

• Content Hash Binding:¶

  The document-ref structure (CDDL key 5 in evidence-packet) contains only a hash-value of the final document content, the byte-length, and character count. The content itself is never included in the Evidence packet.¶

• Checkpoint Content Hashes:¶

  Each checkpoint (key 4: content-hash) contains a hash of the document state at that point. An adversary with the Evidence packet but not the document cannot recover content from these hashes.¶

• Edit Deltas Without Content:¶

  The edit-delta structure (key 7 in checkpoint) records chars-added, chars-deleted, insertions, deletions, and replacements as counts only. No information about what characters were added or deleted is included.¶

This design enables verification of process without revealing what was written, supporting confidential document workflows where the evidence must be verifiable but the content must remain private.¶

12.1.2. No Keystroke Capture

The specification captures inter-event timing intervals without recording which keys were pressed:¶

• Timing-Only Measurement:¶

  Jitter-binding captures millisecond intervals between input events. The interval "127ms" carries no information about whether the interval was between 'a' and 'b' or between 'x' and 'y'.¶

• No Character Mapping:¶

  Timing intervals are stored in observation order without any association to specific characters, words, or semantic content.¶

• No Keyboard Event Codes:¶

  Scan codes, virtual key codes, and other keyboard identifiers are not recorded. The specification treats all input events uniformly as timing sources.¶

This architecture ensures that even with complete access to an Evidence packet, no information about what was typed can be reconstructed.¶

12.1.3. No Screenshots or Screen Recording

The specification explicitly excludes visual capture mechanisms:¶

• No screenshot capture at checkpoints or any other time¶
• No screen recording or video capture¶
• No window title or application name logging¶
• No clipboard content capture (only timing of clipboard events for monitoring-dependent absence claims, and only event counts, not content)¶

Visual content capture would fundamentally violate the content-agnostic design and is architecturally excluded.¶

12.1.4. Local Evidence Generation

Evidence is generated entirely on the Attester device with no network dependency:¶

• No Telemetry:¶

  The Attesting Environment does not transmit telemetry, analytics, or any behavioral data to external services.¶

• No Cloud Processing:¶

  All cryptographic computations (hashing, VDF, signatures) occur locally. No document content or behavioral data is sent to cloud services for processing.¶

• Optional External Anchors:¶

  The only network communication is optional: external anchors (RFC 3161, OpenTimestamps, blockchain) transmit only cryptographic hashes, never document content or behavioral data.¶

Users can generate and verify Evidence in fully air-gapped environments. External anchors enhance evidence strength but are not required.¶

12.2.1. Data Collected

The following data IS collected and included in Evidence packets:¶

Timing Histograms:

Inter-event timing intervals aggregated into histogram buckets (jitter-summary, key 3 in jitter-binding). Bucket boundaries are coarse (RECOMMENDED: 0, 50, 100, 200, 500, 1000, 2000, 5000ms) to prevent precise interval reconstruction.¶

Edit Statistics:

Character counts for additions, deletions, and edit operations (edit-delta structure). These are aggregate counts, not positional data.¶

Checkpoint Hashes:

Cryptographic hashes of document states at each checkpoint. One-way functions; content cannot be recovered.¶

VDF Proofs:

Verifiable Delay Function outputs proving minimum elapsed time. These are computational proofs, not behavioral data.¶

Optional: Raw Timing Intervals:

The raw-intervals field (key 5 in jitter-binding) MAY be included for enhanced verification. This is OPTIONAL and user-controlled. When omitted, only histogram aggregates are included.¶

12.2.2. Data NOT Collected

The following data is explicitly NOT collected:¶

• Document content (text, images, formatting)¶
• Individual characters or words typed¶
• Keyboard scan codes or key identifiers¶
• Screenshots or visual captures¶
• Screen recordings or video¶
• Clipboard content (only event timing)¶
• Window titles or application names¶
• User names, email addresses, or identifiers (optional: author declaration is user-controlled)¶
• IP addresses or network identifiers¶
• Location data¶

12.2.3. Disclosure Levels

The specification supports tiered disclosure through optional fields:¶

Users SHOULD select the minimum disclosure level that meets their verification requirements. Higher tiers provide stronger evidence at the cost of revealing more behavioral data.¶

12.3.1. Identification Risks

Research has demonstrated that keystroke dynamics can serve as a behavioral biometric:¶

• Individual Identification:¶

  Detailed timing patterns can theoretically distinguish individuals with high accuracy across sessions.¶

• State Detection:¶

  Timing variations may correlate with cognitive state, fatigue, stress, or physical condition.¶

• Re-identification Risk:¶

  If an adversary has access to multiple Evidence packets from the same author, timing patterns might enable linkage across sessions even without explicit identity.¶

12.3.2. Mitigation Measures

The specification implements several measures to reduce biometric-adjacent risks:¶

Histogram Aggregation:

By default, only histogram-aggregated timing data is included in Evidence packets. The RECOMMENDED bucket width of 50ms minimum significantly reduces the precision available for behavioral fingerprinting.¶

Bucket Granularity:

The RECOMMENDED bucket boundaries (0, 50, 100, 200, 500, 1000, 2000, 5000ms) capture statistically relevant patterns while preventing reconstruction of precise keystroke sequences. Implementations MAY use coarser buckets for enhanced privacy.¶

No Character Association:

Timing intervals have no mapping to specific characters. The pattern "fast-slow-fast" reveals rhythm without content.¶

Session Isolation:

Each Evidence packet is independent. Cross-session linkage requires access to multiple packets. The specification does not provide mechanisms for linking sessions.¶

Optional Raw Disclosure:

Raw timing intervals (key 5 in jitter-binding) are optional. Users concerned about biometric exposure can ensure this field is not populated.¶

12.3.3. Regulatory Considerations

Implementations and deployments should consider applicable privacy regulations:¶

GDPR (EU/EEA):

Keystroke dynamics may constitute "special categories of personal data" under Article 9 if used for identification purposes. Implementations should document whether timing data is used for identification (prohibited without explicit consent) or solely for process evidence (may fall under different legal basis).¶

CCPA (California):

Biometric information is covered under CCPA Section 1798.140(b). Users have rights to know, delete, and opt-out. The local-only processing model simplifies compliance.¶

BIPA (Illinois):

Illinois Biometric Information Privacy Act has strict requirements for biometric data collection, including written policies and consent. Deployments in Illinois should consult legal counsel.¶

The specification's local-only processing model and user control over data disclosure support compliance, but legal interpretation varies by jurisdiction.¶

12.3.4. User Disclosure Requirements

Implementations MUST inform users about behavioral data collection:¶

1. Clear notification that timing data is captured during authoring¶
2. Explanation of what timing data reveals and does not reveal¶
3. Disclosure of where Evidence packets may be transmitted¶
4. User control over disclosure levels (histogram-only vs. raw)¶
5. Instructions for disabling timing capture if desired¶
6. Process for reviewing and deleting captured data¶

These disclosures SHOULD be presented before Evidence generation begins, not buried in terms of service.¶

12.4.1. Unsalted Mode (Value 0)

content-hash = H(document-content)

Properties:¶

• Anyone with the document can verify the binding¶
• No additional secret required for verification¶
• Document existence can be confirmed by any party with content¶

Use cases:¶

• Public documents where verification should be open¶
• Academic submissions where verifiers have document access¶
• Published works where authorship claims should be checkable¶

Privacy implications: Anyone who obtains both the document and the Evidence packet can confirm the binding. If document confidentiality matters, consider salted modes.¶

12.4.2. Author-Salted Mode (Value 1)

content-hash = H(salt || document-content)
salt-commitment = H(salt)

Properties:¶

• Author generates and retains the salt¶
• Evidence packet contains salt-commitment, not salt¶
• Author selectively reveals salt to chosen verifiers¶
• Without salt, document-hash relationship cannot be verified¶

Use cases:¶

• Confidential documents where author controls verification¶
• Selective disclosure to specific reviewers or institutions¶
• Manuscripts under review before publication¶

Privacy implications: The author has exclusive control over who can verify the document binding. The salt should be stored securely; loss of salt means verification becomes impossible.¶

12.4.3. Third-Party Escrowed Mode (Value 2)

content-hash = H(salt || document-content)
salt-commitment = H(salt)
; salt held by escrow service

Properties:¶

• Salt is held by a trusted escrow service¶
• Escrow releases salt under predefined conditions¶
• Author cannot unilaterally control verification¶
• Verification requires escrow cooperation¶

Use cases:¶

• Legal submissions where court order triggers verification¶
• Dispute resolution with neutral third-party control¶
• Time-delayed disclosure (escrow releases at future date)¶
• Contractual conditions for verification access¶

Privacy implications: Verification access is determined by escrow policy, not author discretion. Authors should understand escrow release conditions before selecting this mode.¶

12.4.4. Salt Security Considerations

For salted modes:¶

• Salts MUST be cryptographically random (minimum 256 bits)¶
• Salts MUST NOT be derived from predictable values¶
• Salt-commitment prevents brute-force guessing for short documents¶
• Salt loss makes verification impossible; backup appropriately¶
• Salt transmission should use secure channels¶

12.5.1. Anonymous Evidence Generation

Evidence packets CAN be generated without any identity disclosure:¶

• The declaration field (key 17 in evidence-packet) is OPTIONAL¶
• Within declaration, author-name (key 3) and author-id (key 4) are both OPTIONAL¶
• Device keys can be ephemeral, not linked to identity¶
• Evidence proves process characteristics without revealing who¶

Anonymous evidence is suitable for contexts where process documentation matters but author identity is irrelevant or should remain confidential.¶

12.5.2. Pseudonymous Evidence

Pseudonymous use links evidence to a consistent identifier without revealing real-world identity:¶

• author-id can be a pseudonymous identifier¶
• Device key provides cryptographic continuity without identity¶
• Multiple works can be linked to same pseudonym if desired¶
• Real identity can remain undisclosed¶

Pseudonymous evidence enables reputation building without identity exposure.¶

12.5.3. Identified Evidence

For contexts requiring identity binding:¶

• author-name and author-id can be populated with real identity¶
• Declaration signature (key 6) binds identity claim to evidence¶
• Hardware attestation can strengthen device-to-person binding¶
• External identity verification is outside specification scope¶

Identity strength depends on the verification context, not the specification. The specification provides the mechanism for identity claims; verification of those claims is a deployment concern.¶

12.5.4. Device Binding Without User Identification

Hardware attestation (hardware-section) binds evidence to a specific device without necessarily identifying the user:¶

• Device keys are bound to hardware (TPM, Secure Enclave)¶
• Evidence proves generation on a specific device¶
• Device ownership is a separate question from evidence generation¶
• Multiple users of same device produce device-linked evidence¶

Device binding strengthens evidence integrity without requiring user identification. It proves "this device" without proving "this person."¶

12.6.1. Evidence Packet Lifecycle

Evidence packets are designed as archival artifacts:¶

Creation:

Evidence accumulates during authoring session(s). Packet is finalized when authoring is complete.¶

Distribution:

Packet may be transmitted to Verifiers, stored alongside documents, or archived for future verification needs.¶

Retention:

Retention period depends on use case. Legal documents may require indefinite retention; other contexts may allow shorter periods.¶

Deletion:

Once distributed, deletion from all recipients may be impractical. Authors should consider disclosure scope before distribution.¶

12.6.2. User Rights to Deletion

Users have the following deletion capabilities:¶

• Local Data:¶

  Evidence stored locally can be deleted at any time by the author. Implementations SHOULD provide clear deletion mechanisms.¶

• Distributed Evidence:¶

  Once Evidence is transmitted to Verifiers or Relying Parties, deletion depends on those parties' policies. The specification cannot enforce deletion of distributed data.¶

• Attestation Results:¶

  .war files produced by Verifiers are controlled by Verifiers. Authors may request deletion under applicable privacy laws.¶

Authors should understand that distributing Evidence creates copies outside their control. Privacy-sensitive authors should limit distribution scope.¶

12.6.3. External Anchor Permanence

External anchors have special retention characteristics:¶

RFC 3161 Timestamps:

TSA records may be retained by the timestamp authority per their policies. Typically includes the hash committed, not any document or behavioral data.¶

Blockchain Anchors:

Blockchain records are permanent and immutable by design. The anchored hash cannot be deleted from the blockchain. This is a feature for evidence permanence but has privacy implications.¶

OpenTimestamps:

OTS proofs reference Bitcoin transactions, which are permanent. The proof structure can be deleted locally, but the Bitcoin transaction remains.¶

Users concerned about data permanence should carefully consider whether to use blockchain-based external anchors. RFC 3161 timestamps offer similar evidentiary value with more conventional retention policies.¶

IMPORTANT: Only cryptographic hashes are anchored, never document content or behavioral data. The permanent record is a hash, not the underlying information.¶

12.7.1. Information Disclosed to Verifiers

When an Evidence packet (.pop) is submitted for verification, the Verifier learns:¶

• Document hash (content-hash) - NOT the content itself¶
• Document size (byte-length, char-count)¶
• Authoring timeline (checkpoint timestamps, VDF durations)¶
• Behavioral statistics (timing histograms, entropy estimates)¶
• Edit patterns (aggregate counts, not content)¶
• Optional: Raw timing intervals if disclosed¶
• Optional: Author identity if declared¶
• Optional: Device attestation if included¶

Verifiers SHOULD NOT:¶

• Retain Evidence packets beyond verification needs¶
• Use behavioral data for purposes beyond verification¶
• Attempt to re-identify anonymous authors from behavioral patterns¶
• Share Evidence data with unauthorized parties¶

Implementations MAY define Verifier privacy policies that authors can review before submitting Evidence.¶

12.7.2. Information Disclosed to Relying Parties

Relying Parties consuming Attestation Results (.war) learn:¶

• Verification verdict (forensic-assessment)¶
• Confidence score¶
• Verified claims (specific thresholds met)¶
• Caveats and limitations¶
• Verifier identity¶
• Reference to the original Evidence packet (packet-id)¶

The .war file is designed to provide necessary trust information without full Evidence disclosure. Relying Parties needing more detail can request the original .pop file.¶

12.7.3. Minimizing Disclosure

Authors concerned about disclosure can:¶

1. Use minimal disclosure tier (histogram-only, no raw intervals)¶
2. Omit optional sections (keystroke-section, absence-section)¶
3. Use author-salted mode to control verification access¶
4. Omit declaration or use pseudonymous identity¶
5. Select Verifiers with strong privacy policies¶
6. Limit distribution to necessary Relying Parties¶

12.8.1. Correlation Risks

Multiple Evidence packets from the same author may enable linkage:¶

Behavioral Fingerprinting:

Keystroke timing patterns exhibit individual characteristics that persist across sessions. An adversary with multiple Evidence packets could potentially link them to the same author even without explicit identity.¶

Device Fingerprinting:

If device keys are reused across sessions, Evidence packets are cryptographically linkable. Hardware attestation makes this linkage explicit.¶

Stylometric Correlation:

Edit pattern statistics (though not content) may correlate with writing style. Combined with timing data, this could strengthen cross-session linkage.¶

12.8.2. Device Key Rotation

To limit cross-session correlation via device keys:¶

• Session Keys:¶

  Use per-session derived keys rather than a single device key. HKDF with session-specific info prevents direct linkage.¶

• Periodic Rotation:¶

  Rotate device keys periodically (RECOMMENDED: annually). Evidence packets signed with different keys are not cryptographically linked.¶

• Context-Specific Keys:¶

  Use different keys for different contexts (e.g., work vs. personal) to prevent cross-context linkage.¶

12.8.3. Session Isolation Properties

The specification provides inherent session isolation:¶

• Each Evidence packet has a unique packet-id (UUID)¶
• VDF chains are session-specific (session entropy in genesis)¶
• No protocol mechanism links sessions together¶
• Jitter data is bound to specific checkpoint chains¶

Cross-session linkage requires external analysis, not protocol features. The specification does not provide linkage mechanisms.¶

12.8.4. Additional Mitigations

Authors concerned about cross-session correlation can:¶

1. Use coarser histogram buckets to reduce timing precision¶
2. Omit raw-intervals field¶
3. Vary devices for different document contexts¶
4. Use different pseudonyms for different contexts¶
5. Limit Evidence distribution to minimize adversary access to multiple packets¶

12.9.1. Surveillance

The specification is designed to resist surveillance:¶

• No content transmission prevents content-based surveillance¶
• Local-only processing prevents network monitoring¶
• Optional external anchors transmit only hashes¶
• No telemetry or analytics collection¶

The primary surveillance risk is through Evidence packet distribution. Authors control this distribution.¶

12.9.2. Stored Data Compromise

If Evidence packets are compromised:¶

• Document content is NOT exposed (hash-only)¶
• Behavioral patterns MAY be exposed (timing data)¶
• Authoring timeline is exposed (timestamps)¶
• If identity declared, author identity is exposed¶

Mitigation: Encrypt Evidence packets at rest. Use access controls for stored Evidence. Limit retention period where appropriate.¶

12.9.3. Correlation

Correlation threats are addressed in Section 12.8. Key mitigations include key rotation, histogram aggregation, and distribution limiting.¶

12.9.4. Identification

Re-identification threats:¶

• Anonymous Evidence MAY be re-identifiable through behavioral patterns¶
• Histogram aggregation significantly reduces this risk¶
• Raw interval disclosure increases re-identification risk¶
• Device attestation explicitly identifies devices¶

Authors requiring strong anonymity should use minimal disclosure tier without raw intervals and without device attestation.¶

12.9.5. Secondary Use

Evidence data could theoretically be used for purposes beyond verification:¶

• Behavioral analysis for profiling¶
• Productivity monitoring¶
• Training data for machine learning¶

Mitigation: The specification does not prevent secondary use by data recipients. Authors should consider Verifier and Relying Party policies before disclosure. Implementations MAY include usage restrictions in Evidence packet metadata.¶

12.9.6. Disclosure

Unauthorized disclosure of Evidence packets:¶

• Authors control initial distribution¶
• Recipients may further distribute; specification cannot prevent¶
• Salted modes limit utility of leaked Evidence¶
• Anonymous Evidence limits identity exposure on leak¶

Authors should treat Evidence packets as potentially sensitive and limit distribution to trusted parties.¶

12.9.7. Exclusion

The risk that authors cannot participate in systems if they decline Evidence generation:¶

• Evidence generation is voluntary¶
• Disclosure levels are user-controlled¶
• Relying Parties may require Evidence for certain contexts¶
• The specification does not mandate deployment contexts¶

Deployments should consider whether Evidence requirements create exclusionary effects and provide alternatives where appropriate.¶

12.10.1. Privacy Properties Provided

Content Confidentiality:

Document content is never stored in Evidence. Verification can occur without content access (using salted modes).¶

Keystroke Privacy:

Individual keystrokes are never recorded. Only timing intervals between events are captured, without character association.¶

Local Control:

All data processing occurs locally. No external services required for Evidence generation.¶

Disclosure Control:

Authors control Evidence distribution, disclosure level, and identity exposure.¶

Pseudonymity Support:

Evidence can be generated and verified without real-world identity disclosure.¶

Selective Verification:

Salted modes enable author-controlled verification access.¶

12.10.2. Privacy Limitations

Behavioral Data Exposure:

Timing data reveals behavioral patterns. While aggregated, this data has biometric-adjacent properties.¶

Distribution Not Controlled:

Once Evidence is distributed, the specification cannot control further dissemination or use.¶

Cross-Session Linkage Risk:

Multiple Evidence packets may be linkable through behavioral analysis, even with different identities.¶

External Anchor Permanence:

Blockchain anchors create permanent records that cannot be deleted.¶

Metadata Disclosure:

Evidence packets reveal document size, authoring timeline, and edit statistics even without content.¶

12.10.3. Recommendations for Privacy-Sensitive Deployments

1. Use minimal disclosure tier (histogram-only, no raw intervals)¶
2. Consider coarser histogram buckets for enhanced privacy¶
3. Use author-salted mode for confidential documents¶
4. Avoid blockchain anchors if deletion rights are important¶
5. Rotate device keys periodically¶
6. Limit Evidence distribution to necessary parties¶
7. Review Verifier privacy policies before submission¶
8. Consider pseudonymous identities where appropriate¶
9. Provide clear user disclosures about data collection¶
10. Implement data retention policies aligned with use case¶

13.1.1. Tag for Proof of Process Packet (0x50505020)

The tag value 1347571280 (hexadecimal 0x50505020) corresponds to the ASCII encoding of "PPP " and serves as a self-describing "Proof of Process Packet" identifier. This tag encapsulates a cryptographically anchored data structure used for digital authorship attestation.¶

Unlike identity-only signatures, the Proof of Process format captures the authorship process through entangled Verifiable Delay Functions (VDFs) and human behavioral biometrics. A dedicated tag is required to enable zero-configuration identification and interoperability between authorship verification tools, academic repositories, and literary publishing platforms, providing a verifiable "forgery cost" to distinguish human-authored work from synthetic content.¶

The tagged data item is a CBOR map conforming to the evidence-packet structure defined in Section 2.3 .¶

13.1.2. Tag for Writers Authenticity Report (0x57415220)

The tag value 1463894560 (hexadecimal 0x57415220) corresponds to the ASCII encoding of "WAR " and identifies Writers Authenticity Report structures. This tag encapsulates an Attestation Result produced by Verifiers after appraising Proof of Process Evidence Packets.¶

The WAR format conveys verification verdicts, confidence scores, and forensic assessments following the IETF RATS (Remote ATtestation procedureS) architecture. A dedicated tag enables zero-configuration identification of attestation results, allowing Relying Parties to distinguish verification outcomes from raw evidence without content-type negotiation.¶

The tagged data item is a CBOR map conforming to the attestation-result structure defined in Section 2.7 .¶

13.1.3. Tag for Compact Evidence Reference (0x50505021)

The tag value 1347571281 (hexadecimal 0x50505021) corresponds to the ASCII encoding of "PPP!" and identifies Compact Evidence Reference structures. This tag encapsulates a cryptographic pointer to a full Proof of Process Evidence Packet.¶

Compact Evidence References are designed for embedding in space-constrained contexts such as document metadata (PDF XMP, EXIF), QR codes, NFC tags, git commit messages, and protocol headers. The compact reference contains the packet-id, chain-hash, document-hash, and a summary with a cryptographic signature binding all fields. A dedicated tag enables zero-configuration detection and verification of authorship claims without transmitting full evidence packets.¶

The tagged data item is a CBOR map conforming to the compact-evidence-ref structure defined in Section 10 .¶

13.1.4. Justification for Dedicated Tags

The four-byte tag values were chosen for the following reasons:¶

• Self-describing format: The ASCII-based mnemonics ("PPP ", "WAR ", "PPP!") enable immediate visual identification in hex dumps and debugging contexts.¶
• Zero-configuration detection: Applications can identify Proof of Process data without prior context or content-type negotiation.¶
• Interoperability: Standardized tags enable diverse implementations (academic systems, publishing platforms, verification services) to recognize and process data without coordination.¶
• Compact encoding: Despite being 4-byte tags, CBOR's efficient encoding minimizes overhead for these application-specific semantic markers.¶

13.4.1. Proof of Process Claim Types Registry

This document requests creation of the "Proof of Process Claim Types" registry. This registry contains the identifiers for absence claims that can be asserted and verified in Evidence packets.¶

13.4.2. Proof of Process VDF Algorithms Registry

This document requests creation of the "Proof of Process VDF Algorithms" registry. This registry contains identifiers for Verifiable Delay Function algorithms used in Evidence packets.¶

13.4.3. Proof of Process Entropy Sources Registry

This document requests creation of the "Proof of Process Entropy Sources" registry. This registry contains identifiers for behavioral entropy sources used in Jitter Seal bindings.¶

13.5.1. application/vnd.example-pop+cbor Media Type

Type name:

application¶

Subtype name:

vnd.example-pop+cbor¶

Required parameters:

N/A¶

Optional parameters:

N/A¶

Encoding considerations:

binary. As a CBOR format, it contains NUL octets and non-line-oriented data.¶

Security considerations:

This media type contains cryptographically anchored evidence of authorship process. It does not contain active or executable content. Integrity is ensured via a HMAC-SHA256 checkpoint chain and Verifiable Delay Functions (VDFs). Privacy is maintained through author-controlled salting of content hashes as defined in Section 2.5.2. Security considerations of CBOR [RFC8949] apply. See also Section 11 of this document.¶

Interoperability considerations:

While the +cbor suffix allows generic parsing, full semantic validation and behavioral forensic analysis require a witnessd-compatible processor as defined in this specification. The content is a CBOR-encoded evidence-packet structure with semantic tag 1347571280.¶

Published specification:

[this document]¶

Applications that use this media type:

Generation of digital authorship evidence by the witnessd suite and WritersLogic integrated editors. Verification services, document provenance systems, academic integrity platforms.¶

Fragment identifier considerations:

N/A¶

Additional information:

Deprecated alias names for this type:

N/A¶

Magic number(s):

0xD950505020 (CBOR tag encoding at offset 0)¶

File extension(s):

.pop¶

Macintosh file type code(s):

N/A¶

Person and email address to contact for further information:

David Condrey <david@writerslogic.com>¶

Intended usage:

COMMON¶

Restrictions on usage:

N/A¶

Author:

David Condrey¶

Change controller:

WritersLogic Inc.¶

Provisional registration:

No¶

13.5.2. application/vnd.example-war+cbor Media Type

Type name:

application¶

Subtype name:

vnd.example-war+cbor¶

Required parameters:

N/A¶

Optional parameters:

N/A¶

Encoding considerations:

binary. As a CBOR-encoded format, it contains NUL octets and non-line-oriented data.¶

Security considerations:

This media type conveys the final appraisal result (verdict) of an authorship attestation. (1) It does not contain active or executable content. (2) Integrity and authenticity are provided via a COSE signature [RFC9052] that MUST be verified against the Verifier's public key. (3) The information identifies a specific document by its content hash; privacy is managed through the hash-salting protocols defined in Section 2.5.2. (4) The security considerations for CBOR [RFC8949] and COSE [RFC9052] apply. Users are cautioned not to rely on unsigned or unverified .war files for high-stakes authenticity claims. See also Section 11 of this document.¶

Interoperability considerations:

The +cbor suffix allows generic CBOR tools to identify the underlying encoding. This format is a specific profile of the RATS Attestation Result and references a Proof of Process (.pop) evidence packet by UUID as defined in this specification. The content is a CBOR-encoded attestation-result structure with semantic tag 1463894560.¶

Published specification:

[this document]¶

Applications that use this media type:

Verification and display of authorship scores by publishers, academic repositories, literary journals, and the WritersLogic verification suite.¶

Fragment identifier considerations:

N/A¶

Additional information:

Deprecated alias names for this type:

N/A¶

Magic number(s):

0xD957415220 (CBOR tag encoding at offset 0)¶

File extension(s):

.war¶

Macintosh file type code(s):

N/A¶

Person and email address to contact for further information:

David Condrey <david@writerslogic.com>¶

Intended usage:

COMMON¶

Restrictions on usage:

N/A¶

Author:

David Condrey¶

Change controller:

WritersLogic Inc.¶

Provisional registration:

No¶

13.6.1. Proof of Process Claim Types Registry

For claim types requiring Specification Required:¶

• The specification MUST clearly define what the claim asserts¶
• For chain-verifiable claims, the specification MUST demonstrate that the claim can be verified solely from the Evidence packet¶
• For monitoring-dependent claims, the specification MUST document the Attesting Environment trust assumptions¶
• The claim name SHOULD be descriptive and follow existing naming conventions¶

For environmental claims requiring Expert Review:¶

• The specification SHOULD describe implementation considerations¶
• The claim SHOULD NOT duplicate existing claims¶
• Privacy implications SHOULD be documented¶

13.6.2. Proof of Process VDF Algorithms Registry

For experimental algorithms requiring Expert Review:¶

• The algorithm MUST be documented with sufficient detail for independent implementation¶
• Security analysis SHOULD be provided, even if preliminary¶
• The algorithm SHOULD NOT be a minor variant of an existing registered algorithm¶
• Implementation availability is encouraged but not required¶

13.6.3. Proof of Process Entropy Sources Registry

For entropy sources requiring Specification Required:¶

• The specification MUST describe how timing intervals are derived from the entropy source¶
• Expected entropy density under typical conditions SHOULD be documented¶
• Privacy implications MUST be clearly stated¶
• The entropy source SHOULD provide meaningful behavioral signal that cannot be trivially simulated¶