Proof of Process: An Evidence Framework for Digital Authorship Attestation

Proof of Process: An Evidence Framework for Digital Authorship Attestation Writerslogic Inc

United States david@writerslogic.com https://writerslogic.com

Security Remote ATtestation procedureS attestation evidence authorship RATS behavioral VDF verifiable delay function process documentation digital provenance This document specifies Proof of Process (PoP), an evidence framework for digital authorship attestation. The framework produces tamper-evident, independently verifiable process evidence describing how documents evolve over time, without capturing document content or keystroke data. Proof of Process implements a specialized profile of the Remote ATtestation procedureS (RATS) architecture, extending it with behavioral entropy bindings, Verifiable Delay Function (VDF) temporal proofs, and a taxonomy of absence claims with explicit trust requirements. The specification defines two complementary CBOR-encoded formats: Evidence Packets (.pop) produced by Attesters during document authorship, and Attestation Results (.war) produced by Verifiers after appraising Evidence. The framework is designed around four core principles: privacy by construction (no content storage), zero trust (locally generated, independently verifiable), evidence over inference (observable facts, not conclusions), and cost-asymmetric forgery (expensive to fake, not impossible). This specification does not address AI detection, stylometric analysis, or intent inference. About This Document Status of this Memo: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at . Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

Introduction This document specifies Proof of Process, an evidence framework for digital authorship attestation. The framework produces tamper-evident, independently verifiable process evidence describing how documents evolve over time.

Problem Statement Digital documents lack provenance information about their creation process. While cryptographic signatures prove key possession and timestamps prove existence at a point in time, neither addresses a fundamental question: how did this document come to exist? Existing approaches to authorship verification fall into two categories, each with significant limitations:

Surveillance-Based Systems:: Screen recording, keystroke logging, and continuous monitoring capture detailed process information but fundamentally violate author privacy. Such systems require trust in the monitoring infrastructure and create risks of data exfiltration or misuse. The evidence they produce is not independently verifiable without access to surveillance archives controlled by third parties.
Content Analysis Systems:: Stylometric analysis, AI detection tools, and linguistic forensics attempt to infer process from product. These approaches make probabilistic claims about authorship based on content patterns but cannot provide verifiable evidence of the creation process. They are vulnerable to false positives, false negatives, and adversarial manipulation.

Neither approach produces evidence that is simultaneously:

Privacy-preserving (no content capture or transmission)
Independently verifiable (no trust in monitoring infrastructure)
Tamper-evident (modifications are detectable)
Process-documenting (captures how, not just what)

The need for such evidence is growing across multiple domains:

Academic integrity: Institutions require process evidence for submissions, particularly as AI-generated content becomes indistinguishable from human writing.
Legal documentation: Courts and regulatory bodies require provenance evidence for documents submitted as evidence.
Creative works: Authors and creators seek to document their creative process for copyright, attribution, and authenticity purposes.
Professional certification: Regulated professions may require evidence that work product was created through specified processes.

Scope

What This Specification Defines This specification defines:

Evidence format: The structure of Evidence Packets (.pop files) containing checkpoint chains, behavioral entropy bindings, and cryptographic proofs.
Attestation result format: The structure of Attestation Results (.war files) produced by Verifiers after appraising Evidence.
Checkpoint structure: The cryptographic construction binding document states, timing proofs, and behavioral evidence.
Verification procedures: Algorithms for independent verification of Evidence Packets without access to the original Attesting Environment.
Claim taxonomy: Classification of claims into chain-verifiable and monitoring-dependent categories with explicit trust requirements.

What This Specification Does NOT Define This specification explicitly excludes:

Content analysis: No examination of document content for stylometric patterns, linguistic features, or semantic meaning.
Authorship determination: No claims about the identity of the author beyond cryptographic key binding. The specification documents process, not persons.
Intent inference: No claims about the cognitive state, creative intent, or mental processes of the author.
AI detection: No classification of content as "human-written" or "AI-generated." The specification provides evidence about process; interpretation is left to Relying Parties.
Surveillance mechanisms: No screen capture, keystroke content logging, or continuous monitoring. Behavioral signals are captured as timing entropy, not content.

Relationship to RATS Architecture This specification implements a specialized profile of the Remote ATtestation procedureS (RATS) architecture with domain-specific extensions for behavioral evidence and process documentation. The RATS role mappings are:

Attester:: The witnessd-core library running on the author's device, producing Evidence Packets (.pop files).
Verifier:: Any implementation capable of parsing and appraising Evidence Packets, producing Attestation Results (.war files).
Relying Party:: The entity consuming Attestation Results for trust decisions (e.g., academic institutions, publishers, legal systems).

The Evidence produced by this specification extends standard RATS evidence with behavioral entropy bindings and Verifiable Delay Function proofs for temporal ordering.

Design Goals The Proof of Process framework is designed around four core principles:

Privacy by Construction The framework enforces privacy through structural constraints, not policy promises:

No document content is stored in Evidence Packets. Content is represented only by cryptographic hashes.
No characters typed are captured. Keystroke timing is recorded without association to specific characters.
No screenshots or screen recordings are taken. Visual content is never captured by the Attesting Environment.
Behavioral data is aggregated into statistical summaries before inclusion in Evidence, preventing reconstruction of input sequences.

Zero Trust: Locally Generated, Independently Verifiable Evidence generation and verification are fully decoupled:

Evidence is generated entirely on the Attester device with no network dependency during creation.
Verification requires only the Evidence Packet itself; no access to the original device, the document content, or external services (except for optional external anchor validation).
Multiple independent Verifiers can appraise the same Evidence, enabling adversarial review.
No trusted third party is required for basic verification.

Evidence Over Inference The framework provides observable evidence, not conclusions:

Claims are classified as chain-verifiable (provable from Evidence alone) or monitoring-dependent (requiring Attesting Environment trust).
Attestation Results document what was verified, not what should be believed.
Confidence scores and caveats accompany all assessments, enabling informed Relying Party decisions.
The specification makes no absolute claims about authorship, intent, or authenticity.

Cost-Asymmetric Forgery The framework makes forgery expensive relative to genuine creation:

Verifiable Delay Functions (VDFs) establish minimum elapsed time that cannot be circumvented through parallelization.
Captured behavioral entropy commits to timing measurements that cannot be regenerated without access to the original input stream.
Hash chain construction ensures any modification invalidates all subsequent evidence.
The forgery-cost-section quantifies attack costs, enabling risk assessment by Relying Parties.

IMPORTANT: This framework does not claim to make forgery impossible. It raises the cost of forgery relative to honest participation and provides quantified bounds on attack economics.

Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. This document uses the following terms:

Evidence Packet (.pop):: The primary evidence artifact produced by the Attester, containing checkpoint chains, behavioral entropy bindings, VDF proofs, and optional attestations. The file extension ".pop" derives from "Proof of Process." Evidence Packets are CBOR-encoded with semantic tag 1347571280 (0x50505020, ASCII "PPP ").
Attestation Result (.war):: The verification certificate produced by a Verifier after appraising an Evidence Packet. Contains the verification verdict, verified claims, confidence score, and Verifier signature. The file extension ".war" derives from "Writers Authenticity Report." Attestation Results are CBOR-encoded with semantic tag 1463894560 (0x57415220, ASCII "WAR ").
Checkpoint:: A cryptographic snapshot of document state at a point in time, including content hash, timing proof, and behavioral entropy binding. Checkpoints form a hash chain where each checkpoint references its predecessor.
Jitter Seal:: Captured behavioral entropy from human input events, bound to the checkpoint chain. Unlike injected entropy (random delays added by software), captured entropy commits to actual measured timing that existed only at the moment of observation. See for detailed specification.
Verifiable Delay Function (VDF):: A cryptographic primitive that requires sequential computation and cannot be parallelized, used to establish minimum elapsed time between checkpoints. The VDF output for each checkpoint is entangled with the previous checkpoint and behavioral entropy, preventing precomputation. See for detailed specification.
Chain-verifiable Claim:: A claim that can be verified from the Evidence Packet alone, without trusting the Attesting Environment beyond basic data integrity. Examples include checkpoint chain integrity, VDF proof validity, and minimum elapsed time bounds.
Monitoring-dependent Claim:: A claim that requires trust in the Attesting Environment's accurate reporting of monitored events. Examples include behavioral anomaly detection and input source attribution. Such claims explicitly document their trust requirements.
Attesting Environment (AE):: The software and hardware environment where Evidence is generated. Per the RATS architecture , the AE produces claims about its own state and the processes it observes.
Evidence Tier:: A classification of Evidence Packets based on which optional sections are present. Tiers range from Basic (checkpoint chain only) to Maximum (hardware attestation, external anchors, forgery cost analysis). See for tier definitions.

Document Structure This specification is organized as follows:

: Defines the overall architecture, RATS role mappings, and the two complementary formats (Evidence Packets and Attestation Results).
: Specifies the Jitter Seal mechanism for capturing and binding behavioral entropy to the checkpoint chain.
: Specifies Verifiable Delay Function constructions for temporal ordering and minimum elapsed time proofs.
: Defines the taxonomy of absence claims and the trust requirements for each claim type.
: Specifies the methodology for quantifying forgery costs and attack economics.
: Analyzes security properties, threat models, and attack mitigations.
: Documents privacy properties and data handling requirements.
: Requests IANA registrations for CBOR tags, EAT claims, and media types.

Appendices provide CDDL schemas, test vectors, and implementation guidance.

Conventions and Definitions

CDDL Notation Data structures in this document are specified using the Concise Data Definition Language (CDDL) . CDDL provides a notation for expressing CBOR and JSON data structures. The normative CDDL definitions appear inline in the relevant sections.

CBOR Encoding Both Evidence Packets and Attestation Results use CBOR (Concise Binary Object Representation) encoding per . CBOR provides efficient binary encoding with support for semantic tags and extensibility. This specification uses:

Semantic tags for type identification (Evidence Packet: 1347571280, Attestation Result: 1463894560)
Integer keys (1-99) for core protocol fields to minimize encoding size
String keys for vendor extensions and application-specific fields
Deterministic encoding (RFC 8949 Section 4.2) RECOMMENDED for signature verification

COSE Signatures Cryptographic signatures use COSE (, CBOR Object Signing and Encryption) . The COSE_Sign1 structure provides single-signer signatures suitable for Evidence and Attestation Result authentication. Recommended algorithms:

EdDSA with Ed25519 (RECOMMENDED for new implementations)
ECDSA with P-256 (for compatibility with existing PKI)

EAT Tokens This specification defines an Entity Attestation Token (EAT) profile per . EAT provides a framework for attestation claims with support for custom claim types. The EAT profile URI for Proof of Process evidence is: Custom EAT claims proposed for IANA registration are defined in .

Hash Function Notation This document uses the following notation for cryptographic hash functions:

H(x): SHA-256 hash of input x (default)
H^n(x): n iterations of hash function H
HMAC(k, m): HMAC-SHA256 with key k and message m

SHA-256 is the RECOMMENDED hash algorithm. Implementations MAY support SHA3-256 for algorithm agility.

Evidence Model This section defines the top-level architecture of the witnessd Proof of Process evidence model. The design follows the RATS (Remote ATtestation procedureS) architecture while introducing domain-specific extensions for behavioral evidence and process documentation.

RATS Architecture Mapping This specification implements a RATS profile with these role mappings: the witnessd-core library acts as Attester, producing Evidence Packets (.pop files); verification implementations act as Verifiers, producing Attestation Results (.war files); and consuming entities (institutions, publishers) act as Relying Parties. Key properties: Evidence is generated locally on the Attester device without network dependency; verification requires only the Evidence packet; Evidence contains cryptographic hashes, not content; behavioral signals are aggregated into statistical summaries.

Two Complementary Formats The witnessd protocol defines two file formats that serve distinct roles in the attestation workflow:

Evidence Packet (.pop) The .pop (Proof of Process) file is the primary Evidence artifact produced by the Attester. It contains all cryptographic proofs and behavioral evidence accumulated during document authorship. CBOR encoding with semantic tag: The Evidence packet is the authoritative record of the authoring process. It may be:

Submitted to a Verifier for appraisal
Archived alongside the document for future verification
Shared with Relying Parties who perform their own verification

The .pop file is typically larger than the .war file because it contains complete checkpoint chains, VDF proofs, and behavioral evidence.

Attestation Result (.war) The .war (Writers Authenticity Report) file is the Attestation Result produced by a Verifier after appraising an Evidence packet. It serves as a portable verification certificate. CBOR encoding with semantic tag: The Attestation Result is designed for distribution alongside published documents. It provides:

A signed verdict from a trusted Verifier
Summary of verified claims without full evidence
Confidence score for Relying Party decision-making
Caveats documenting verification limitations

Relying Parties may trust the .war file based on the Verifier's reputation, or they may request the original .pop file for independent verification.

Format Relationship The two formats are linked by the reference-packet-id field in the Attestation Result, which matches the packet-id of the appraised Evidence packet: This binding ensures that each Attestation Result is unambiguously tied to a specific Evidence packet.

Evidence Packet Structure The evidence-packet structure contains the complete attestation evidence produced by the Attester. The normative CDDL definition is provided in the schema appendix; this section describes the semantic meaning of each component. uint, ; version 2 => tstr, ; profile (EAT profile URI) 3 => uuid, ; packet-id 4 => pop-timestamp, ; created 5 => document-ref, ; document 6 => [+ checkpoint], ; checkpoints ; Tiered optional sections ? 10 => presence-section, ; presence ? 11 => forensics-section, ; forensics ? 12 => keystroke-section, ; keystroke ? 13 => hardware-section, ; hardware ? 14 => external-section, ; external ? 15 => absence-section, ; absence ? 16 => forgery-cost-section, ; forgery-cost ? 17 => declaration, ; declaration * tstr => any, ; extensions } ]]>

Required Fields

version (key 1):: Schema version number. Currently 1. Implementations MUST reject packets with unrecognized major versions.
profile (key 2):: EAT profile URI identifying this specification: IANA registration to be requested upon working group adoption.
packet-id (key 3):: UUID () uniquely identifying this Evidence packet. Generated by the Attester at packet creation time.
created (key 4):: Timestamp when this packet was finalized. CBOR tag 1 (epoch-based date/time).
document (key 5):: Reference to the documented artifact. See .
checkpoints (key 6):: Ordered array of checkpoint structures forming the evidence chain. See .

Tiered Optional Sections The optional sections (keys 10-17) correspond to evidence tiers. Their presence determines the evidence strength:

Key	Section	Tier Contribution	Reference
10	presence-section	Standard (+)	-
11	forensics-section	Enhanced (+)	-
12	keystroke-section	Enhanced (+)
13	hardware-section	Maximum (+)	-
14	external-section	Maximum (+)	-
15	absence-section	Maximum (+)
16	forgery-cost-section	Maximum (+)
17	declaration	All tiers	-

Extensibility The evidence-packet structure supports forward-compatible extensions through string-keyed fields:

Integer keys 1-99 are reserved for this specification
String keys MAY be used for vendor or application-specific extensions
Verifiers MUST ignore unrecognized string-keyed fields
Verifiers MUST reject packets containing unrecognized integer keys in the reserved range

Checkpoint Chain The checkpoint chain is the core evidentiary structure. Each checkpoint represents a witnessed document state, cryptographically linked to its predecessor.

Checkpoint Structure uint, ; sequence 2 => uuid, ; checkpoint-id 3 => pop-timestamp, ; timestamp 4 => hash-value, ; content-hash 5 => uint, ; char-count 6 => uint, ; word-count 7 => edit-delta, ; delta 8 => hash-value, ; prev-hash 9 => hash-value, ; checkpoint-hash 10 => vdf-proof, ; vdf-proof 11 => jitter-binding, ; jitter-binding 12 => bstr .size 32, ; chain-mac * tstr => any, ; extensions } ]]>

sequence (key 1):: Zero-indexed ordinal position in the checkpoint chain. MUST be strictly monotonically increasing.
checkpoint-id (key 2):: UUID uniquely identifying this checkpoint within the packet.
timestamp (key 3):: Local timestamp when the checkpoint was created. Note that local timestamps are untrusted; temporal ordering is established by VDF causality.
content-hash (key 4):: Cryptographic hash of the document content at this checkpoint. SHA-256 RECOMMENDED.
char-count (key 5), word-count (key 6):: Document statistics at this checkpoint. Informational only; not cryptographically bound.
delta (key 7):: Edit delta since previous checkpoint. Contains character counts for additions, deletions, and edit operations. No content is included.
prev-hash (key 8):: Hash of the previous checkpoint (checkpoint-hash{N-1}). For the genesis checkpoint (sequence = 0), this MUST be 32 zero bytes.
checkpoint-hash (key 9):: Binding hash computed over all checkpoint fields, creating the hash chain.
vdf-proof (key 10):: Verifiable Delay Function proof establishing minimum elapsed time. See .
jitter-binding (key 11):: Captured behavioral entropy binding. See .
chain-mac (key 12):: HMAC-SHA256 binding the checkpoint to the chain key, preventing transplantation of checkpoints between sessions.

Hash Chain Construction The checkpoint chain forms a cryptographic hash chain through the prev-hash linkage: | checkpoint- |---->| checkpoint- | | hash: H_0 | | hash: H_1 | | hash: H_2 | +---------------+ +---------------+ +---------------+ ]]> The checkpoint-hash is computed as: This construction ensures that any modification to any field in any checkpoint invalidates all subsequent checkpoint hashes, providing tamper-evidence for the entire chain.

MMR Compatibility The checkpoint chain is designed for compatibility with Merkle Mountain Range () structures, enabling efficient inclusion proofs for subsets of checkpoints:

Each checkpoint-hash serves as a leaf in the MMR
Verifiers can request inclusion proofs for specific checkpoints without receiving the entire chain
External anchors can commit to MMR roots, enabling efficient batch timestamping

MMR proofs are optional and may be included in the external-section when third-party verification services provide them.

Document Binding The document-ref structure binds the Evidence packet to a specific document without including the document content. hash-value, ; content-hash 2 => tstr, ; filename (optional) 3 => uint, ; byte-length 4 => uint, ; char-count ? 5 => hash-salt-mode, ; salt mode ? 6 => bstr, ; salt-commitment } ]]>

Content Hash Binding The content-hash (key 1) is the cryptographic hash of the final document state. This is the same value as the content-hash in the final checkpoint. To verify document binding:

Compute H(document-content)
Compare with document-ref.content-hash
Compare with checkpoints{-1}.content-hash
All three values MUST match

Salt Modes for Privacy The hash-salt-mode field controls how the content hash is computed, enabling privacy-preserving verification scenarios:

Value	Mode	Hash Computation	Verification
0	unsalted	H(content)	Anyone with document can verify
1	author-salted	H(salt \|\| content)	Author reveals salt to chosen verifiers
2	third-party-escrowed	H(salt \|\| content)	Escrow releases salt under conditions

When salted modes are used:

The salt-commitment field contains H(salt), not the salt itself
The author or escrow provides the salt out-of-band for verification
Verifiers confirm H(provided-salt) matches salt-commitment before using it

Salted modes enable scenarios where the document binding should not be globally verifiable (e.g., unpublished manuscripts, confidential documents).

Evidence Tiers Evidence packets are classified into tiers based on which optional sections are present. Higher tiers provide stronger evidence at the cost of more extensive data collection and larger packet sizes.

Basic Tier The Basic tier contains only the required checkpoint chain and document reference:

Checkpoints with VDF proofs and jitter bindings
Document reference with content hash
Optional declaration (author attestation)

Basic tier evidence proves:

A sequence of document states was created over time
Minimum elapsed time between states (via VDF)
Behavioral entropy was captured at each checkpoint

Basic tier is suitable for low-stakes documentation, personal records, or contexts where the author's attestation is generally trusted.

Standard Tier The Standard tier adds presence verification to the Basic tier:

All Basic tier components
presence-section: Human presence challenges and responses

Standard tier evidence additionally proves:

A human responded to interactive challenges during authorship
Response timing is consistent with human reaction times

Standard tier is suitable for academic submissions, professional reports, and contexts requiring reasonable assurance of human involvement.

Enhanced Tier The Enhanced tier adds forensic analysis to the Standard tier:

All Standard tier components
forensics-section: Edit topology, AI indicators, metrics
keystroke-section: Detailed jitter samples

Enhanced tier evidence additionally provides:

Statistical analysis of editing patterns
Edit topology showing where changes occurred (not what)
AI indicator scores for forensic assessment
Detailed keystroke timing for entropy verification

Enhanced tier is suitable for legal documents, regulatory compliance, and high-value intellectual property.

Maximum Tier The Maximum tier adds hardware binding, external anchors, absence proofs, and forgery cost analysis:

All Enhanced tier components
hardware-section: TPM/Secure Enclave attestation
external-section: RFC 3161, blockchain timestamps
absence-section: Negative evidence claims
forgery-cost-section: Economic attack cost analysis

Maximum tier evidence additionally provides:

Hardware binding proving evidence was created on a specific device
Third-party timestamps establishing absolute time
Absence proofs for bounded claims (e.g., max paste size)
Quantified forgery cost bounds for risk assessment

Maximum tier is suitable for litigation support, forensic investigation, and contexts requiring the strongest available evidence.

Tier Selection Guidance The appropriate tier depends on the trust requirements and privacy constraints of the use case:

Tier	Value	Typical Use Cases	Privacy Impact
Basic	1	Personal notes, internal docs	Minimal
Standard	2	Academic, professional	Low
Enhanced	3	Legal, regulatory	Moderate
Maximum	4	Litigation, forensic	Higher

Authors SHOULD select the minimum tier that meets their verification requirements. Higher tiers collect more behavioral data and create larger Evidence packets.

Attestation Result Structure The attestation-result structure contains the Verifier's assessment of an Evidence packet. It implements a witnessd-specific profile of EAR (Entity Attestation Results) as defined in . uint, ; version 2 => uuid, ; reference-packet-id 3 => pop-timestamp, ; verified-at 4 => forensic-assessment, ; verdict 5 => float32, ; confidence-score 6 => [+ result-claim], ; verified-claims 7 => cose-signature, ; verifier-signature ? 8 => tstr, ; verifier-identity ? 9 => verifier-metadata, ; additional info ? 10 => [+ tstr], ; caveats * tstr => any, ; extensions } ]]>

Verdict Field The verdict (key 4) is the Verifier's overall forensic assessment using the forensic-assessment enumeration:

Value	Assessment	Meaning
0	not-assessed	Verification incomplete or not attempted
1	strongly-human	Evidence strongly indicates human authorship
2	likely-human	Evidence consistent with human authorship
3	inconclusive	Evidence neither confirms nor refutes claims
4	likely-ai-assisted	Evidence suggests AI assistance
5	strongly-ai-generated	Evidence strongly indicates AI generation

IMPORTANT: The verdict describes the behavioral evidence, not a claim about the author's intent or the cognitive origin of ideas. It reflects observable patterns in the documented process.

Confidence Score The confidence-score (key 5) is a floating-point value in the range [0.0, 1.0] representing the Verifier's confidence in the verdict:

0.0 - 0.3: Low confidence (limited evidence)
0.3 - 0.7: Moderate confidence (typical evidence)
0.7 - 1.0: High confidence (strong evidence)

The confidence score incorporates:

Evidence tier (higher tiers increase confidence ceiling)
Checkpoint chain completeness
Entropy sufficiency in jitter bindings
VDF calibration attestation presence
External anchor confirmations

Verified Claims The verified-claims array (key 6) contains individual claim verification results: uint, ; claim-type 2 => bool, ; verified ? 3 => tstr, ; detail ? 4 => confidence-level, ; claim-confidence } ]]> The claim-type values correspond to the absence-claim-type enumeration, enabling direct mapping between Evidence claims and Attestation Result verification outcomes.

Verifier Signature The verifier-signature (key 7) is a COSE_Sign1 signature over the Attestation Result payload (fields 1-6 plus any optional fields 8-10). This signature:

Authenticates the Verifier identity
Ensures integrity of the Attestation Result
Enables Relying Parties to verify the result came from a trusted Verifier

Caveats The caveats array (key 10) documents limitations and warnings that Relying Parties should consider:

"No hardware attestation available"
"External anchors pending confirmation"
"Jitter entropy below recommended threshold"
"Author declares AI tool usage"

Verifiers MUST include appropriate caveats when the Evidence has known limitations. Relying Parties SHOULD review caveats before making trust decisions.

CBOR Encoding Both Evidence packets and Attestation Results use CBOR (Concise Binary Object Representation) encoding per RFC 8949.

Semantic Tags Top-level structures use semantic tags for type identification:

Tag	Hex	ASCII	Structure
1347571280	0x50505020	"PPP "	tagged-evidence-packet
1463894560	0x57415220	"WAR "	tagged-attestation-result

These tags enable format detection without external metadata. Parsers can identify the packet type by examining the leading tag value.

Key Encoding Strategy The schema uses a dual key encoding strategy for efficiency and extensibility:

Integer Keys (1-99):: Reserved for core protocol fields defined in this specification. Provides compact encoding and enables efficient parsing.
String Keys:: Used for vendor extensions, application-specific fields, and future protocol extensions before standardization. Provides self-describing field names at the cost of encoding size.

Example size comparison for a field named "forensics": For a typical Evidence packet with dozens of fields, integer keys reduce packet size by 20-40%.

Deterministic Encoding Evidence packets SHOULD use deterministic CBOR encoding (RFC 8949 Section 4.2) to enable:

Byte-exact reproduction of packets for signature verification
Consistent hashing for cache and deduplication purposes
Simplified debugging and comparison

Deterministic encoding requirements:

Map keys sorted in bytewise lexicographic order
Integers encoded in minimal representation
Floating-point values canonicalized

EAT Profile This specification defines an EAT (Entity Attestation Token) profile for Proof of Process evidence. The profile URI is:

Custom EAT Claims The following custom claims are proposed for IANA registration upon working group adoption:

Claim Name	Type	Description
pop-forensic-assessment	uint	forensic-assessment enumeration value
pop-presence-score	float	Presence challenge pass rate (0.0-1.0)
pop-evidence-tier	uint	Evidence tier (1-4)
pop-ai-composite-score	float	AI indicator composite score (0.0-1.0)

AR4SI Trustworthiness Extension The Attestation Result includes a proposed extension to the AR4SI () trustworthiness vector: This extension enables integration of witnessd Attestation Results with broader trustworthiness assessment frameworks.

Security Considerations

Tamper-Evidence vs. Tamper-Proof The evidence model provides tamper-EVIDENCE, not tamper-PROOF:

Tamper-evident: Modifications to Evidence packets are detectable through cryptographic verification. The hash chain, VDF entanglement, and HMAC bindings ensure that any alteration invalidates the Evidence.
Not tamper-proof: An adversary with sufficient resources can fabricate Evidence by investing the computational time required by VDF proofs and generating plausible behavioral data. The forgery-cost-section quantifies this investment.

Relying Parties should understand this distinction when making trust decisions.

Independent Verification Evidence packets are designed for independent verification:

All cryptographic proofs are included in the packet
Verification requires no access to the original device
Verification requires no network access (except for external anchor validation)
Multiple independent Verifiers can appraise the same Evidence

This property enables adversarial verification: a skeptical Relying Party can verify Evidence without trusting the Attester's infrastructure.

Privacy by Construction The evidence model enforces privacy through structural constraints:

No content storage: Evidence contains hashes of document states, not content. The document itself is never included in Evidence packets.
No keystroke capture: Individual characters typed are not recorded. Timing intervals are captured without association to specific characters.
Aggregated behavioral data: Raw timing data is aggregated into histograms before inclusion in Evidence. Optional raw interval disclosure is user-controlled.
No screenshots or screen recording: Visual content is never captured by the Attesting Environment.

Attesting Environment Trust The evidence model assumes a minimally trusted Attesting Environment:

Chain-verifiable claims (absence-claim-types 1-15): Can be verified from Evidence alone without trusting the AE beyond basic data integrity.
Monitoring-dependent claims (absence-claim-types 16-63): Require trust that the AE accurately reported monitored events. The ae-trust-basis field documents these assumptions.

Hardware attestation (hardware-section) increases AE trust by binding Evidence to verified hardware identities.

Jitter Seal: Captured Behavioral Entropy This section defines the Jitter Seal mechanism, a novel contribution to behavioral evidence that binds captured timing entropy to the checkpoint chain. Unlike injected entropy (random delays added by software), captured entropy commits to actual measured timing from human input events.

Design Principles The Jitter Seal addresses a fundamental limitation in existing attestation frameworks: the inability to distinguish evidence generated during genuine human interaction from evidence reconstructed after the fact.

Captured vs. Injected Entropy:: Injected entropy (e.g., random delays inserted by software) can be regenerated if the random seed is known. Captured entropy commits to timing measurements that existed only at the moment of observation. An adversary cannot regenerate captured entropy without access to the original input stream.
Commitment Before Observation:: The entropy commitment is computed and bound to the checkpoint chain before the summarized statistics are finalized. This prevents an adversary from crafting statistics that match a predetermined commitment.
Privacy-Preserving Aggregation:: Raw timing intervals are aggregated into histogram buckets, preserving statistical properties while preventing reconstruction of the original keystroke sequence. The raw intervals MAY be disclosed for enhanced verification but are not required.

Jitter Binding Structure The jitter-binding structure appears in each checkpoint and contains five fields: hash-value, ; entropy-commitment 2 => [+ entropy-source], ; sources 3 => jitter-summary, ; summary 4 => bstr .size 32, ; binding-mac ? 5 => [+ uint], ; raw-intervals (optional) } ]]>

Entropy Commitment (Key 1) The entropy-commitment is a cryptographic hash of the raw timing intervals concatenated in observation order: where H is the hash algorithm specified in the hash-value structure (SHA-256 RECOMMENDED), and each interval is encoded as a 32-bit unsigned integer representing milliseconds. This commitment is computed BEFORE the histogram summary, ensuring the raw data cannot be manipulated to match a desired statistical profile.

Entropy Sources (Key 2) The sources array identifies which input modalities contributed to the captured entropy:

Value	Source	Description
1	keystroke-timing	Inter-key intervals from keyboard input
2	pause-patterns	Gaps between editing bursts (>2 seconds)
3	edit-cadence	Rhythm of insertions/deletions over time
4	cursor-movement	Navigation timing within document
5	scroll-behavior	Document scrolling patterns
6	focus-changes	Application focus gain/loss events

Implementations MUST include at least one source. The keystroke-timing source (1) provides the highest entropy density and SHOULD be included when keyboard input is available.

Jitter Summary (Key 3) The summary provides verifiable statistics without exposing raw timing data: uint, ; sample-count 2 => [+ histogram-bucket], ; timing-histogram 3 => float32, ; estimated-entropy-bits ? 4 => [+ anomaly-flag], ; anomalies (if detected) } histogram-bucket = { 1 => uint, ; lower-bound-ms 2 => uint, ; upper-bound-ms 3 => uint, ; count } ]]> The estimated-entropy-bits field is calculated using Shannon entropy over the histogram distribution: 0 p[i] = count[i] / total_samples ]]> RECOMMENDED bucket boundaries (in milliseconds): 0, 50, 100, 200, 500, 1000, 2000, 5000, +infinity. These boundaries capture the typical range of human typing and pause behavior.

Binding MAC (Key 4) The binding-mac cryptographically binds the jitter data to the checkpoint chain: This binding ensures that:

The jitter data cannot be transplanted between checkpoints
The jitter data cannot be modified without invalidating the checkpoint chain
The temporal ordering of jitter observations is preserved

Raw Intervals (Key 5, Optional) The raw-intervals array MAY be included for enhanced verification. When present, verifiers can:

Recompute the entropy-commitment and verify it matches
Recompute the histogram and verify consistency
Perform statistical analysis beyond the histogram

Privacy consideration: Raw intervals may constitute biometric-adjacent data. See .

VDF Entanglement The Jitter Seal achieves temporal binding through entanglement with the VDF proof chain. The VDF input for checkpoint N includes the jitter binding from checkpoint N: This entanglement creates a causal dependency: the VDF output cannot be computed until the jitter entropy is captured and committed. Combined with the VDF's sequential computation requirement, this ensures that:

The jitter data existed before the VDF computation began
The checkpoint cannot be backdated without recomputing the entire VDF chain from that point forward
The minimum time between checkpoints is bounded by VDF computation time plus jitter observation time

Verification Procedure A Verifier appraises the Jitter Seal through the following procedure:

Structural Validation: Verify all required fields are present and correctly typed per the CDDL schema.
Binding MAC Verification: Recompute the binding-mac using the checkpoint chain key and verify it matches the provided value.
Entropy Commitment Verification (if raw-intervals present): Recompute H(intervals) and verify it matches entropy-commitment.
Histogram Consistency (if raw-intervals present): Recompute histogram buckets from raw intervals and verify consistency with the provided summary.
Entropy Threshold Check: Verify estimated-entropy-bits meets the minimum threshold for the claimed evidence tier. RECOMMENDED minimum: 32 bits for Standard tier, 64 bits for Enhanced tier.
Sample Count Check: Verify sample-count is consistent with the document size and claimed editing duration. Anomalously low sample counts relative to content length indicate potential evidence gaps.
Anomaly Assessment: If anomaly-flags are present, incorporate them into the overall forensic assessment. The presence of anomalies does not invalidate the evidence but affects confidence.
VDF Entanglement Verification: Verify the entropy-commitment appears in the VDF input computation for this checkpoint.

The verification result contributes to the chain-verifiable claims defined in the absence-section:

jitter-entropy-above-threshold (claim type 8): PROVEN if estimated-entropy-bits exceeds threshold
jitter-samples-above-count (claim type 9): PROVEN if sample-count exceeds threshold

Anomaly Detection The Attesting Environment MAY flag anomalies in the captured timing data:

Value	Flag	Indication
1	unusually-regular	Timing distribution has lower variance than typical human input (coefficient of variation < 0.1)
2	burst-detected	Sustained high-speed input exceeding 200 WPM for >30 seconds
3	gap-detected	Significant editing gap (>5 minutes) within what appears to be a continuous session
4	paste-heavy	>50% of content added via paste operations in this checkpoint interval

Anomaly flags are informational and do not constitute claims about authorship or intent. They provide context for Verifier appraisal and Relying Party decision-making.

Relationship to RATS Evidence The Jitter Seal extends the RATS evidence model in several ways:

Behavioral Evidence:: Traditional RATS evidence attests to system state (software versions, configuration, integrity). The Jitter Seal attests to behavioral characteristics of the input stream, capturing properties that emerge only during genuine interaction.
Continuous Attestation:: Unlike point-in-time attestation, Jitter Seals are accumulated throughout an authoring session. Each checkpoint adds to the behavioral evidence corpus, with earlier seals constraining what later seals can claim.
Non-Reproducible Evidence:: RATS evidence can typically be regenerated by returning to the same system state. Jitter Seal evidence cannot be regenerated because the timing entropy existed only at the moment of capture.
Epoch Marker Compatibility:: The VDF-entangled Jitter Seal can function as a local freshness mechanism compatible with the Epoch Markers framework . The VDF output chain provides relative ordering; external anchors provide absolute time binding.

Privacy Considerations Keystroke timing data is biometric-adjacent: while not traditionally classified as biometric data, timing patterns can potentially identify individuals or reveal sensitive information about cognitive state or physical condition.

Mitigation Measures

Histogram Aggregation: By default, only aggregated histogram data is included in the evidence packet. Raw intervals are optional and SHOULD only be disclosed when enhanced verification is required.
Bucket Granularity: The RECOMMENDED bucket boundaries (50ms minimum width) prevent reconstruction of exact keystroke sequences while preserving statistically significant patterns.
No Character Mapping: Timing intervals are recorded without association to specific characters or words. The evidence captures rhythm without content.
Session Isolation: Jitter data is bound to a specific evidence packet and checkpoint chain. Cross-session correlation requires access to multiple evidence packets.

Disclosure Recommendations Implementations SHOULD inform users that:

Typing rhythm information is captured and included in evidence packets
Evidence packets may be shared with Verifiers and potentially with Relying Parties
Raw timing data (if disclosed) could theoretically be used for behavioral analysis

Users SHOULD have the option to:

Disable raw-intervals disclosure (histogram-only mode)
Request deletion of evidence packets after verification
Review captured entropy statistics before packet finalization

Security Considerations

Replay Attacks An adversary might attempt to replay captured jitter data from a previous session. This attack is mitigated by:

VDF entanglement: The jitter commitment is bound to the VDF chain, which includes the previous checkpoint hash
Chain MAC: The binding-mac includes the previous checkpoint hash, preventing transplantation
Content binding: The jitter data is associated with specific content hashes that change with each edit

Simulation Attacks An adversary might attempt to generate synthetic timing data that mimics human patterns. The cost of this attack is bounded by:

Entropy requirement: Meeting the entropy threshold requires sufficient variation in timing. Perfectly regular synthetic input will fail the entropy check.
Real-time constraint: The VDF entanglement requires that jitter data be captured before VDF computation. Generating synthetic timing that passes statistical tests while maintaining real-time constraints is non-trivial.
Statistical consistency: Synthetic timing must be consistent across all checkpoints. Anomaly detection may flag statistically improbable patterns.

The Jitter Seal does not claim to make simulation impossible, only to make it costly relative to genuine interaction. The forgery-cost-section provides quantified bounds on attack costs.

Attesting Environment Trust The Jitter Seal relies on the Attesting Environment to accurately capture and report timing data. A compromised AE could fabricate jitter data. This is addressed by:

Hardware binding (hardware-section) for AE integrity
Calibration attestation for VDF speed verification
Clear documentation of AE trust assumptions in absence-claim structures (ae-trust-basis field)

Chain-verifiable claims (1-15) do not depend on AE trust beyond basic data integrity. Monitoring-dependent claims (16-63) explicitly document their AE trust requirements.

Verifiable Delay Functions This section specifies the Verifiable Delay Function (VDF) mechanisms used to establish temporal ordering and minimum elapsed time between checkpoints. The design is algorithm-agile, supporting both iterated hash constructions and succinct VDF schemes.

VDF Construction A VDF proof appears in each checkpoint and contains the following fields: vdf-algorithm, ; algorithm 2 => vdf-params, ; params 3 => bstr, ; input 4 => bstr, ; output 5 => bstr, ; proof 6 => duration, ; claimed-duration 7 => uint, ; iterations ? 8 => calibration-attestation, ; calibration (RECOMMENDED) } ]]>

Algorithm Registry The following VDF algorithms are defined:

Value	Algorithm	Status	Proof Size
1	iterated-sha256	MUST support	0 (implicit)
2	iterated-sha3-256	SHOULD support	0 (implicit)
16	pietrzak-rsa2048	MAY support	~1 KB
17	wesolowski-rsa2048	MAY support	~256 bytes
18	pietrzak-class-group	MAY support	~2 KB
19	wesolowski-class-group	MAY support	~512 bytes

Algorithm values 1-15 are reserved for iterated hash constructions. Values 16-31 are reserved for succinct VDF schemes. Values 32+ are available for future allocation.

Iterated Hash Construction The iterated hash VDF computes: Parameters for iterated hash VDFs: hash-algorithm, ; hash-function 2 => uint, ; iterations-per-second } ]]> The iterations-per-second field records the calibrated performance of the Attesting Environment, enabling Verifiers to assess whether the claimed-duration is plausible for the iteration count. Properties of iterated hash VDFs:

Verification Cost:: O(n) -- Verifier must recompute all iterations. This is acceptable for the iteration counts typical in authoring scenarios (10^6 to 10^9 iterations).
Parallelization Resistance:: Inherently sequential. Each iteration depends on the previous output. No known parallelization attack.
Hardware Acceleration:: SHA-256 acceleration (e.g., Intel SHA Extensions, ARM Cryptography Extensions) provides ~3-5x speedup over software. This is accounted for in calibration.

Succinct VDF Construction Succinct VDFs (, ) provide O(log n) or O(1) verification time at the cost of larger proof size and more complex computation. uint, ; modulus-bits (e.g., 2048) ? 11 => uint, ; security-parameter } ]]> Key set 10-19 disambiguates succinct params from iterated hash params (key set 1-9) without requiring a type tag. Succinct VDFs are OPTIONAL and intended for scenarios where:

Verification must complete in bounded time regardless of delay duration
Evidence packets may contain very long VDF chains (millions of checkpoints)
Third-party Verifiers cannot afford O(n) recomputation

When using succinct VDFs, the proof field contains the cryptographic proof of correct computation. For iterated hash VDFs, the proof field is empty (verification is by recomputation).

Causality Property The VDF chain establishes unforgeable temporal ordering through structural causality. This is a key novel contribution of the Proof of Process framework.

Checkpoint Entanglement The VDF input for checkpoint N is computed as: For the genesis checkpoint (N = 0): This construction ensures that:

Sequential Dependency: VDF_output{N} cannot be computed without VDF_output{N-1}. The chain is inherently sequential.
Content Binding: Each VDF output is bound to a specific document state. Changing the content invalidates all subsequent VDF proofs.
Jitter Binding: The behavioral entropy commitment is entangled with the VDF, as detailed in .
No Precomputation: The adversary cannot precompute VDF outputs because the input depends on runtime values (content, jitter) that are unknown until the checkpoint is created.

Temporal Ordering Without Trusted Time The causality property provides relative temporal ordering without relying on trusted timestamps:

Relative Ordering:: Checkpoint N necessarily occurred after checkpoint N-1, because VDF_input{N} requires VDF_output{N-1}.
Minimum Elapsed Time:: The time between checkpoints N-1 and N is at least: where calibration_rate is the attested iterations-per-second for the device.
Cumulative Time Bound:: The total minimum time to produce the evidence packet is:
Absolute Time Binding:: External anchors (RFC 3161 timestamps, blockchain proofs) bind the checkpoint chain to absolute time. The VDF provides the ordering; anchors provide the epoch.

Backdating Resistance An adversary attempting to backdate evidence must:

Generate content that produces the desired content-hash
Generate jitter data that produces valid entropy-commitment
Compute the VDF chain from the backdated checkpoint forward
Complete all of the above before any external anchor confirms a later checkpoint

The cost of step 3 grows linearly with the number of subsequent checkpoints and the iteration count per checkpoint. This cost is quantified in the forgery-cost-section. Crucially, the adversary cannot parallelize step 3: VDF computation is inherently sequential. Even with unlimited computational resources, the adversary must wait for each VDF to complete before starting the next.

Calibration Attestation Calibration attestation addresses the verification problem: how does a Verifier know whether the claimed iterations could have been computed in the claimed duration on the Attester's hardware?

Attestation Structure uint, ; calibration-iterations 2 => pop-timestamp, ; calibration-time 3 => cose-signature, ; hw-signature 4 => bstr, ; device-nonce ? 5 => tstr, ; device-model } ]]>

calibration-iterations (key 1):: The number of VDF iterations completed in a 1-second calibration burst at session start.
calibration-time (key 2):: Timestamp when calibration was performed. SHOULD be within 24 hours of the first checkpoint.
hardware-signed attestation (key 3):: COSE_Sign1 signature over the calibration data, produced by hardware-bound keys (Secure Enclave, TPM, etc.).
device-nonce (key 4):: Random 256-bit value generated at calibration time. Prevents replay of calibration attestations across sessions.
device-model (key 5, optional):: Human-readable device identifier for reference purposes. Not used in verification.

Calibration Procedure The Attesting Environment performs calibration as follows:

Generate Nonce: Generate a cryptographically random 256-bit device-nonce.
Initialize Timer: Record high-resolution start time T_start.
Execute Calibration Burst: Compute VDF iterations using the session's VDF algorithm, starting from H(device-nonce), until 1 second has elapsed.
Record Result: calibration-iterations = number of iterations completed.
Generate Attestation: Construct the attestation payload and sign with hardware-bound key.

The attestation payload for signing:

Calibration Verification A Verifier validates calibration attestation as follows:

Signature Verification: Verify the COSE_Sign1 signature using the device's public key (from hardware-section or certificate chain).
Nonce Uniqueness: Verify the device-nonce has not been seen in other sessions (optional, requires Verifier state).
Plausibility Check: Verify calibration-iterations falls within expected range for the device class:
- Mobile devices: 10^5 - 10^7 iterations/second
- Desktop/laptop: 10^6 - 10^8 iterations/second
- Server-class: 10^7 - 10^9 iterations/second
Consistency Check: For each checkpoint, verify: = iterations / (calibration-iterations * tolerance) ]]> where tolerance accounts for measurement variance (RECOMMENDED: 1.1, i.e., 10% margin).

Trust Model Calibration attestation relies on hardware-bound key integrity:

With hardware attestation: The calibration rate is trustworthy to the extent that the hardware security module is trustworthy. An adversary cannot claim faster-than-actual calibration without compromising the HSM.
Without hardware attestation: The calibration rate is self-reported by the Attesting Environment. The Verifier should apply conservative assumptions and may require external anchors for time verification.

The hardware-section documents whether hardware attestation is available and which platform is used.

Verification Procedure A Verifier appraises VDF proofs through the following procedure:

Iterated Hash Verification For iterated hash VDFs, verification requires recomputation:

Reconstruct Input: Compute VDF_input{N} from the checkpoint data using the entanglement formula in .
Recompute VDF: Execute iterations{N} hash iterations starting from VDF_input{N}.
Compare Output: Verify the computed output matches the claimed VDF_output{N}.
Verify Duration (if calibration present): Apply the consistency check from .

For large evidence packets, Verifiers MAY use sampling strategies:

Verify first and last checkpoints fully
Randomly sample intermediate checkpoints
Verify chain linkage (prev-hash) for all checkpoints

Succinct VDF Verification For succinct VDFs, verification uses the cryptographic proof:

Reconstruct Input: Compute VDF_input{N} as above.
Parse Proof: Decode the proof field according to the algorithm specification.
Verify Proof: Execute the algorithm-specific verification procedure ( or ).
Verify Duration: Apply calibration consistency check.

Algorithm Agility

Migration Path Evidence packets MAY contain checkpoints using different VDF algorithms. This enables migration scenarios:

Upgrading from iterated-sha256 to iterated-sha3-256
Transitioning from iterated hash to succinct VDF
Adopting post-quantum secure constructions

Algorithm changes SHOULD occur at session boundaries. Within a session, algorithm consistency is RECOMMENDED for simplicity.

Post-Quantum Considerations Current VDF constructions have varying post-quantum security:

Iterated Hash (SHA-256, SHA3-256):: Grover's algorithm provides quadratic speedup for preimage attacks. This affects collision resistance but not the sequential computation property. The VDF remains secure with doubled iteration counts.
RSA-based (, ):: Vulnerable to Shor's algorithm. Not recommended for long-term evidence that must remain verifiable in a post-quantum era.
Class-group based:: Based on class group computations in imaginary quadratic fields. Quantum security is less well understood but believed to be stronger than RSA.

For evidence intended to remain valid for decades, iterated hash VDFs are RECOMMENDED.

Security Considerations

Hardware Acceleration Attacks An adversary with specialized hardware (ASICs, FPGAs) may compute VDF iterations faster than the calibrated rate. Mitigations:

Calibration Reflects Actual Hardware: Calibration is performed on the actual device, so the calibration rate already accounts for any acceleration available to the Attester.
Asymmetric Advantage Limited: SHA-256 is widely optimized. The speedup from custom hardware over commodity CPUs with SHA extensions is typically less than 10x.
Economic Analysis: The forgery-cost-section quantifies the cost of acceleration attacks in terms of hardware investment and time.

Parallelization Resistance VDFs are designed to resist parallelization:

Iterated Hash:: Each iteration depends on the previous output. No parallelization is possible without breaking the hash function's preimage resistance.
Succinct VDFs:: Based on repeated squaring in groups with unknown order. Parallelization would require factoring the modulus (RSA-based) or solving the class group order problem (class-group based).

The key insight: an adversary with P processors cannot compute the VDF P times faster. The best known attacks provide negligible parallelization advantage.

Time-Memory Tradeoffs For iterated hash VDFs, an adversary might attempt to precompute and store intermediate values:

Rainbow Tables: Precomputing H^n(x) for many x values. Mitigated by the unpredictable VDF input (includes content hash and jitter commitment).
Checkpoint Tables: Storing every k-th intermediate value during legitimate computation. Enables faster recomputation from nearby checkpoints but does not help with backdating attacks (which require computing from a specific starting point).

No practical time-memory tradeoff significantly reduces the sequential computation requirement.

Calibration Attacks Attacks on the calibration system:

Throttled Calibration:: Adversary intentionally slows device during calibration to report lower iterations-per-second, then computes VDFs faster than claimed. Mitigation: Plausibility checks based on device class. Anomalously slow calibration for a known device model triggers Verifier skepticism.
Calibration Replay:: Adversary reuses calibration attestation from a slower device. Mitigation: Device-nonce binds calibration to session. Hardware signature binds to specific device key.
Device Key Compromise:: Adversary extracts hardware-bound signing key. Mitigation: Hardware security modules are designed to resist key extraction. This attack requires physical access and significant resources.

Timing Side Channels VDF computation timing may leak information:

Iteration Count Inference: Network observers may infer iteration counts from checkpoint timing. This reveals only what is already public in the evidence packet.
Content Inference: VDF computation time is independent of content (fixed iteration count per checkpoint). No content leakage through timing.

VDF implementations SHOULD use constant-time hash operations where available, though timing variations in VDF computation itself do not compromise security.

Absence Proofs: Negative Evidence This section defines the Absence Proofs mechanism, which enables bounded claims about what did NOT occur during document creation. Unlike positive evidence (proving something happened), absence proofs provide negative evidence (proving something did not happen, within defined bounds and trust assumptions).

Design Philosophy Absence proofs address a fundamental question in process attestation: can we make meaningful claims about events that did not occur? The answer is nuanced and depends on carefully articulated trust boundaries.

The Value of Bounded Claims Traditional evidence systems focus on positive claims: "X happened at time T." Absence proofs extend this to negative claims: "X did not exceed threshold Y during interval (T1, T2)." The value of bounded claims lies in their falsifiability:

Positive Claim:: "The author typed this document" -- difficult to verify, requires trust in the entire authoring environment.
Bounded Negative Claim:: "No single edit added more than 500 characters" -- verifiable directly from the checkpoint chain without additional trust assumptions.

Bounded claims shift the burden of proof: instead of claiming what DID happen (which requires comprehensive monitoring), we claim what did NOT happen (which can be bounded by observable evidence).

Inherent Limits of Negative Evidence Absence proofs have fundamental limitations that MUST be clearly communicated:

Monitoring Gaps: Absence claims are valid only during monitored intervals. Gaps in monitoring create gaps in absence guarantees.
Trust Boundaries: Some absence claims require trust in the Attesting Environment (AE). This trust must be explicitly documented.
Threshold Semantics: "No paste above 500 characters" does not imply "no paste." Claims are bounded, not absolute.
Behavioral Consistency, Not Authorship: Absence claims describe observable behavioral patterns, NOT authorship, intent, or cognitive processes. They document consistency between declared process and observable evidence.

Trust Boundary: Chain-Verifiable vs. Monitoring-Dependent The critical architectural distinction in absence proofs is between claims verifiable from the Evidence alone (trustless) and claims that require trust in the Attesting Environment's monitoring capabilities.

Chain-Verifiable Claims (1-15) Chain-verifiable claims can be verified by any party with access to the Evidence packet. No trust in the Attesting Environment is required beyond basic data integrity. These claims are derived purely from the checkpoint chain structure. A Verifier can independently confirm these claims by:

Parsing the checkpoint chain
Verifying chain integrity (hashes, MACs, VDF linkage)
Computing the relevant metrics from checkpoint data
Comparing against the claimed thresholds

No interaction with the Attester or trust in its monitoring capabilities is needed.

Monitoring-Dependent Claims (16-63) Monitoring-dependent claims require trust that the Attesting Environment correctly observed and reported specific events. These claims cannot be verified from the checkpoint chain alone because they depend on real-time monitoring of events external to the document state. For monitoring-dependent claims, the Verifier must assess:

Whether the AE had the capability to observe the relevant events (clipboard access, process enumeration, etc.)
Whether the AE was operating with integrity during the monitoring period
Whether monitoring was continuous or had gaps
What attestation (if any) supports the AE integrity claim

The ae-trust-basis structure documents these trust assumptions explicitly, enabling informed Relying Party decisions.

Trust Model Comparison

Aspect	Chain-Verifiable	Monitoring-Dependent
Verification	Independent, trustless	Requires AE trust
Data Source	Checkpoint chain only	Real-time event monitoring
Confidence Basis	Cryptographic proof	AE integrity attestation
Forgery Resistance	Requires VDF recomputation	Requires AE compromise
Claim Types	1-15	16-63

Chain-Verifiable Claims (Types 1-15) The following claims can be verified directly from the Evidence packet without trusting the Attesting Environment's monitoring capabilities:

Type	Claim	Proves	Verification Method
1	max-single-delta-chars	No single checkpoint added more than N characters	max(delta.chars-added) across all checkpoints
2	max-single-delta-bytes	No single checkpoint added more than N bytes	Derived from char counts with encoding factor
3	max-net-delta-chars	No single checkpoint had net change exceeding N chars	max(\|chars-added - chars-deleted\|) per checkpoint
4	min-vdf-duration-seconds	Total VDF time exceeds N seconds	sum(claimed-duration) across checkpoints
5	min-vdf-duration-per-kchar	At least N seconds of VDF time per 1000 characters	total_vdf_seconds / (final_char_count / 1000)
6	checkpoint-chain-complete	No gaps in checkpoint sequence	Verify sequence numbers are consecutive
7	checkpoint-chain-consistent	All prev-hash values match prior checkpoint-hash	Verify hash chain linkage
8	jitter-entropy-above-threshold	Captured entropy exceeds N bits	sum(estimated-entropy-bits) from jitter-binding
9	jitter-samples-above-count	Jitter sample count exceeds N	sum(sample-count) from jitter-summary
10	revision-points-above-count	Document had at least N revision points	Count checkpoints where chars-deleted > 0
11	session-count-above-threshold	Evidence spans at least N sessions	Count distinct session boundaries in chain

Verification Details For each chain-verifiable claim, the Verifier performs: = claim.threshold) (4) Return verification result if passes: return PROVEN(observed_value, claim.threshold) else: return FAILED(observed_value, claim.threshold) ]]> The key property: verification depends ONLY on cryptographically verifiable checkpoint data, not on any external monitoring claims by the AE.

Monitoring-Dependent Claims (Types 16-63) The following claims require trust in the Attesting Environment's monitoring capabilities. Each claim documents the specific AE capability required and the basis for trusting that capability.

Type	Claim	AE Capability Required	Trust Basis
16	max-paste-event-chars	Clipboard monitoring	OS-reported paste events
17	max-clipboard-access-chars	Clipboard content access	Application-level clipboard hooks
18	no-paste-from-ai-tool	Clipboard source attribution	OS process enumeration + clipboard
20	max-insertion-rate-wpm	Real-time keystroke monitoring	Input event stream timing
21	no-automated-input-pattern	Input timing analysis	Statistical pattern recognition
22	no-macro-replay-detected	Input source verification	OS input subsystem attestation
32	no-file-import-above-bytes	File operation monitoring	Application file access hooks
33	no-external-file-open	File system monitoring	OS file access events
40	no-concurrent-ai-tool	Process enumeration	OS process list attestation
41	no-llm-api-traffic	Network traffic monitoring	Network stack inspection
48	max-idle-gap-seconds	Continuous activity monitoring	Input event stream continuity
49	active-time-above-threshold	Active time measurement	Input event correlation

Trust Basis Documentation Each monitoring-dependent claim MUST include an ae-trust-basis structure that documents the trust assumptions: ae-trust-target, ; trust-target 2 => tstr, ; justification 3 => bool, ; verified } ae-trust-target = &( witnessd-software-integrity: 1, os-reported-events: 2, application-reported-events: 3, tpm-attested-elsewhere: 16, se-attested-elsewhere: 17, unverified-assumption: 32, ) ]]>

witnessd-software-integrity (1):: Trust that the witnessd software itself is unmodified and correctly implements monitoring. Requires software attestation or code signing verification.
os-reported-events (2):: Trust that the operating system correctly reports events (clipboard, process list, file access). Requires OS integrity.
application-reported-events (3):: Trust that the authoring application correctly reports events. Weakest trust level; application may be compromised.
tpm-attested-elsewhere (16):: TPM attestation of the AE state exists in the hardware-section. Cross-reference for verification.
se-attested-elsewhere (17):: Secure Enclave attestation of the AE state exists in the hardware-section. Cross-reference for verification.
unverified-assumption (32):: The claim is based on assumptions that cannot be verified. Relying Party must decide whether to accept based on context.

The justification field provides human-readable explanation of why the trust basis is believed adequate. The verified field indicates whether the trust basis was cryptographically verified (true) or merely assumed (false).

Monitoring Coverage Honest documentation of monitoring gaps is essential for meaningful absence claims. The monitoring-coverage structure captures the scope and limitations of AE monitoring. bool, ; keyboard-monitored 2 => bool, ; clipboard-monitored 3 => [+ time-interval], ; monitoring-intervals 4 => float32, ; coverage-fraction ? 5 => hardware-attestation, ; monitoring-attestation } time-interval = { 1 => pop-timestamp, ; start 2 => pop-timestamp, ; end } ]]>

Coverage Fields

keyboard-monitored (key 1):: Boolean indicating whether keyboard input events were monitored during the session. If false, claims about typing patterns (20-22) cannot be made.
clipboard-monitored (key 2):: Boolean indicating whether clipboard operations were monitored. If false, claims about paste events (16-18) cannot be made.
monitoring-intervals (key 3):: Array of time intervals during which monitoring was active. Gaps between intervals represent periods where monitoring was suspended (application backgrounded, system sleep, etc.).
coverage-fraction (key 4):: Fraction of total session time covered by monitoring, calculated as sum(interval_duration) / total_session_duration. Values below 0.95 indicate significant monitoring gaps that may affect absence claim confidence.
monitoring-attestation (key 5, optional):: Hardware attestation that monitoring was active during the claimed intervals. Provides stronger assurance than self-reported coverage.

Gap Semantics Monitoring gaps have explicit semantic impact on absence claims:

Covered Intervals: Absence claims apply fully during covered intervals. "No paste above 500 chars during (T1, T2)" means the AE would have detected any such paste.
Gap Intervals: During gaps, monitoring-dependent claims cannot be made. An event could have occurred unobserved.
Gap-Aware Claims: If coverage-fraction is below 1.0, absence claims SHOULD include a caveat noting the monitoring gap percentage.

Chain-verifiable claims (1-15) are NOT affected by monitoring gaps because they are derived from the checkpoint chain, which has no gaps (checkpoint-chain-complete verifies this).

Absence Section Structure The absence-section appears as an optional field (key 15) in the evidence-packet: monitoring-coverage, ; monitoring-coverage 2 => [+ absence-claim], ; claims ? 3 => claim-summary, ; claim-summary } claim-summary = { 1 => uint, ; chain-verifiable-count 2 => uint, ; monitoring-dependent-count 3 => bool, ; all-claims-attested } absence-claim = { 1 => absence-claim-type, ; claim-type 2 => absence-threshold, ; threshold 3 => absence-proof, ; proof 4 => absence-confidence, ; confidence ? 5 => ae-trust-basis, ; ae-trust-basis (monitoring) } absence-threshold = { 1 => uint / float32 / null, ; value } absence-proof = { 1 => absence-proof-method, ; proof-method 2 => absence-evidence, ; evidence } absence-proof-method = &( checkpoint-chain-analysis: 1, keystroke-analysis: 2, platform-attestation: 3, network-attestation: 4, statistical-inference: 5, ) absence-evidence = { ? 1 => [uint, uint], ; checkpoint-range ? 2 => uint, ; max-observed-value ? 3 => float32, ; max-observed-rate ? 4 => tstr, ; statistical-test ? 5 => float32, ; p-value ? 6 => bstr, ; attestation-ref } absence-confidence = { 1 => confidence-level, ; level 2 => [* tstr], ; caveats } confidence-level = &( proven: 1, high: 2, medium: 3, low: 4, ) ]]>

Confidence Levels

proven (1):: The claim is cryptographically provable from the Evidence. Only chain-verifiable claims (1-15) can achieve this level.
high (2):: Strong evidence supports the claim. For monitoring-dependent claims, requires hardware attestation of AE integrity and high monitoring coverage (>95%).
medium (3):: Reasonable evidence supports the claim. AE integrity is assumed but not hardware-attested. Monitoring coverage is acceptable (>80%).
low (4):: Weak evidence supports the claim. Significant caveats apply. Monitoring gaps exist or AE trust basis is unverified.

Verification Procedure A Verifier appraises absence claims through a structured procedure that distinguishes chain-verifiable from monitoring-dependent claims:

Step 1: Verify Chain-Verifiable Claims For claims with type 1-15:

Verify Evidence Integrity: Verify checkpoint chain hashes, VDF linkage, and structural validity per the base protocol.
Extract Metrics: Compute the relevant metric from checkpoint data (e.g., max delta chars, total VDF duration).
Compare Threshold: Verify the computed metric satisfies the claimed threshold.
Assign Confidence: Chain-verifiable claims that pass receive confidence level "proven" (1).

Step 2: Appraise Monitoring-Dependent Claims For claims with type 16-63:

Assess AE Trust Basis: Examine the ae-trust-basis for each claim. Determine whether the trust target is appropriate for the claim type and whether it was verified.
Evaluate Monitoring Coverage: Check monitoring-coverage to determine whether the relevant monitoring was active. Verify coverage-fraction is adequate for the confidence level claimed.
Cross-Reference Hardware Attestation: If ae-trust-target is tpm-attested-elsewhere (16) or se-attested-elsewhere (17), verify the corresponding attestation exists in hardware-section.
Evaluate Evidence: Examine the absence-evidence for supporting data. Statistical tests should have appropriate p-values; attestation references should be verifiable.
Assign Confidence: Based on the above factors, assign confidence level (2-4). Level 1 (proven) is NOT available for monitoring-dependent claims.
Document Caveats: Record any limitations or assumptions in the caveats array of the verification result.

Step 3: Produce Verification Summary The Verifier produces a result-claim for each absence-claim examined: uint, ; claim-type 2 => bool, ; verified (claim holds) ? 3 => tstr, ; detail (reasoning) ? 4 => confidence-level, ; claim-confidence } ]]> The aggregated results appear in the attestation-result (.war file) as the verified-claims array.

RATS Architecture Mapping Absence proofs extend the RATS (Remote ATtestation procedureS) evidence model in several ways:

Role Distribution

Attester Responsibility:: The Attester (witnessd AE) generates absence claims based on its monitoring observations. For chain-verifiable claims, the Attester merely assembles checkpoint data in a format that enables Verifier computation. For monitoring-dependent claims, the Attester makes assertions about events it observed (or did not observe).
Verifier Responsibility:: The Verifier independently verifies chain-verifiable claims by recomputing metrics from Evidence. For monitoring-dependent claims, the Verifier appraises the trust basis and determines whether to accept the Attester's monitoring assertions.
Relying Party Responsibility:: The Relying Party consumes the attestation-result (.war file) and decides whether the verified claims meet their requirements. Different use cases may require different confidence levels or claim types.

Evidence Model Extension Standard RATS evidence attests to system state (software versions, configuration). Absence proofs add a new category:

State Evidence (traditional RATS):: "The system was in configuration C at time T."
Behavioral Consistency Evidence (absence proofs):: "Observable behavior during interval (T1, T2) was consistent with constraint X."

This extension enables attestation about processes, not just states. The checkpoint chain provides the evidentiary basis for process claims that would otherwise require continuous trusted monitoring.

Appraisal Policy Integration Verifiers MAY define appraisal policies that specify:

Which absence claim types are required for acceptance
Minimum confidence levels for each claim type
Required trust basis for monitoring-dependent claims
Minimum monitoring coverage thresholds

Example policy (informative):

Security Considerations

What Absence Claims Do NOT Prove Absence claims have explicit limits that MUST be understood by all parties:

Absence claims do NOT prove authorship:: "No single edit added more than 500 characters" does not prove who performed the edits. It proves only that the observable edit pattern had this property.
Absence claims do NOT prove intent:: "No paste from AI tool detected" does not prove the author intended to write without AI assistance. The author may have used AI tools in ways that evade detection.
Absence claims do NOT prove cognitive process:: Behavioral patterns consistent with human typing do not prove human cognition produced the content. The claims describe observable behavior, not mental states.
Absence claims do NOT prove completeness:: Claims apply only to monitored intervals. Events during monitoring gaps are not covered by absence claims.

Framing claims as "behavioral consistency" rather than "human authorship" avoids overclaiming and maintains intellectual honesty about what the evidence actually shows.

Attesting Environment Compromise Monitoring-dependent claims are only as trustworthy as the Attesting Environment:

Software Compromise: Modified witnessd software could fabricate monitoring observations. Mitigated by code signing and software attestation.
OS Compromise: Compromised OS could report false clipboard contents or process lists. Mitigated by hardware attestation of OS integrity.
Hardware Compromise: Physical access to device could enable hardware-level attacks. This is outside the threat model for most use cases.

The ae-trust-basis structure explicitly documents which trust assumptions apply, enabling Relying Parties to make informed decisions about acceptable risk.

Monitoring Evasion Sophisticated adversaries may attempt to evade monitoring:

Timing-Based Evasion:: Performing prohibited actions during monitoring gaps. Mitigated by high coverage requirements and gap documentation.
Tool-Based Evasion:: Using tools not in the detection list (e.g., novel AI tools). The claim "no-concurrent-ai-tool" refers to known tools; unknown tools may evade detection.
Channel-Based Evasion:: Using alternative input channels (screen readers, accessibility features) not monitored by the AE. Mitigated by comprehensive input monitoring.
Simulation:: Generating input patterns that mimic human behavior. The jitter-seal and VDF mechanisms make this costly but not impossible. See forgery-cost-section.

Absence proofs do not claim to make evasion impossible, only to make it costly and to document the monitoring coverage that was actually achieved.

Statistical Claim Limitations Claims based on statistical inference (proof-method 5) have inherent uncertainty:

p-values indicate probability, not certainty
Multiple testing increases false positive risk
Adversarial inputs may exploit statistical assumptions

Statistical claims SHOULD be assigned confidence level "medium" (3) or "low" (4) unless supported by additional evidence.

Privacy Considerations Absence claims may reveal information about the authoring process:

Edit Pattern Disclosure: Chain-verifiable claims reveal aggregate statistics about edit sizes and frequencies. This is inherent in the checkpoint chain and cannot be hidden without removing the evidentiary basis for claims.
Tool Usage Disclosure: Claims like "no-concurrent-ai-tool" implicitly reveal that the AE was monitoring for AI tool usage. Users should be informed of this monitoring.
Behavioral Fingerprinting: Detailed jitter data and monitoring observations could theoretically enable behavioral fingerprinting. The histogram aggregation in jitter-binding mitigates this for timing data.

Users SHOULD be informed which absence claims will be generated and have the option to disable specific monitoring capabilities if privacy concerns outweigh the value of those claims.

Forgery Cost Bounds (Quantified Security) This section defines the forgery cost bounds mechanism, which provides quantified security analysis for Proof of Process evidence. Rather than claiming evidence is "secure" or "insecure" in absolute terms, this framework expresses security as minimum resource costs that an adversary must expend to produce counterfeit evidence.

Design Philosophy Traditional security claims are often binary: a system is either "secure" or "broken." This framing poorly serves attestation scenarios where:

Adversary capabilities vary across resource levels
Evidence value degrades gracefully rather than failing completely
Relying Parties have different risk tolerances
Hardware costs and computational speeds change over time

The Proof of Process framework adopts quantified security: expressing security guarantees in terms of measurable costs (time, entropy, economic resources) that bound adversary capabilities.

Cost-Asymmetric Forgery The design goal is cost asymmetry: producing genuine evidence should be inexpensive (a natural byproduct of authoring), while producing counterfeit evidence should require resources disproportionate to any benefit gained. Cost asymmetry is achieved through three mechanisms:

Time Asymmetry (VDF):: Genuine evidence accumulates VDF proofs during natural authoring time. Forgery requires recomputing the VDF chain, which cannot be parallelized. The adversary must spend wall-clock time proportional to the claimed authoring duration.
Entropy Asymmetry (Jitter Seal):: Genuine evidence captures behavioral entropy that exists only at the moment of observation. Forgery requires either guessing the entropy commitment (computationally infeasible) or simulating human input patterns in real time (bounded by the same VDF constraints).
Economic Asymmetry (Resource Cost):: The combined time and entropy requirements translate to economic costs. Forging evidence for a 10-hour authoring session requires at minimum 10 hours of compute time plus specialized resources, making mass forgery economically impractical.

What Forgery Cost Bounds Do NOT Claim Forgery cost bounds explicitly avoid claims that evidence is:

Unforgeable: Given sufficient resources, any evidence can be forged. The bounds quantify "sufficient."
Guaranteed authentic: Bounds express minimum forgery costs, not maximum. Cheaper attacks may exist that have not been discovered.
Irrefutable proof: Evidence supports claims with quantified confidence, not mathematical certainty.
Permanent: Cost bounds depreciate as hardware improves. Evidence verified today may have different bounds when re-evaluated in the future.

Forgery Cost Section Structure The forgery-cost-section appears in each evidence packet and contains four required components: time-bound, ; time-bound 2 => entropy-bound, ; entropy-bound 3 => economic-bound, ; economic-bound 4 => security-statement, ; security-statement } ]]> These components represent orthogonal dimensions of forgery cost. A complete security assessment considers all four dimensions.

Time Bound The time-bound quantifies the minimum wall-clock time required to recompute the VDF chain, establishing a lower bound on forgery duration. uint, ; total-iterations 2 => uint, ; calibration-rate 3 => tstr, ; reference-hardware 4 => float32, ; min-recompute-seconds 5 => bool, ; parallelizable ? 6 => uint, ; max-parallelism } ]]>

Field Definitions

total-iterations (key 1):: Sum of all VDF iterations across all checkpoints in the evidence packet, computed as sum(checkpoint{i}.vdf-proof.iterations) for all i.
calibration-rate (key 2):: The attested iterations-per-second from the calibration attestation. This represents the maximum VDF computation speed on the Attesting Environment's hardware.
reference-hardware (key 3):: Human-readable description of the hardware used for calibration (e.g., "Apple M2 Pro", "Intel i9-13900K"). Used for plausibility assessment, not verification.
min-recompute-seconds (key 4):: Minimum wall-clock seconds required to recompute the VDF chain on reference hardware, calculated as total-iterations / calibration-rate. This is a lower bound: actual recomputation on slower hardware takes longer.
parallelizable (key 5):: Boolean indicating whether the VDF algorithm permits parallelization. For iterated hash VDFs (algorithms 1-15), this is always false. For certain succinct VDF constructions, limited parallelization may be possible.
max-parallelism (key 6, optional):: If parallelizable is true, the maximum parallel speedup factor. For iterated hash VDFs, this field is absent.

Time Bound Verification A Verifier computes and validates the time bound as follows:

Sum Iterations: Traverse all checkpoints and sum the iterations field from each VDF proof.
Verify Calibration: If calibration attestation is present, verify the hardware signature and check that calibration-rate matches the attested iterations-per-second.
Compute Minimum Time: Divide total-iterations by calibration-rate. Verify the result matches min-recompute-seconds within floating-point tolerance.
Plausibility Check: Verify min-recompute-seconds is consistent with the claimed authoring duration. Significant discrepancy (e.g., 10-hour claimed session with 1-minute VDF time) indicates either misconfiguration or potential manipulation.

Parallelization Resistance The security of time bounds depends on VDF parallelization resistance. For iterated hash VDFs:

Each iteration depends on the previous output
No known technique computes H^n(x) faster than n sequential hash operations
An adversary with P processors cannot compute the chain P times faster

This property ensures that time bounds reflect wall-clock time, not aggregate compute time. An adversary with a data center cannot forge 10 hours of evidence in 10 minutes by using 60x more processors. See for detailed analysis of parallelization resistance in each VDF algorithm.

Entropy Bound The entropy-bound quantifies the unpredictability in the evidence chain, establishing a lower bound on the probability of guessing or replaying entropy commitments. float32, ; total-entropy-bits 2 => uint, ; sample-count 3 => float32, ; entropy-per-sample 4 => float32, ; brute-force-probability 5 => bool, ; replay-possible ? 6 => tstr, ; replay-prevention } ]]>

Field Definitions

total-entropy-bits (key 1):: Aggregate entropy across all Jitter Seals in the evidence packet, expressed in bits. Computed as sum(jitter-summary[i].estimated-entropy-bits) for all i.
sample-count (key 2):: Total number of timing samples captured across all Jitter Seals. Higher sample counts increase confidence in the entropy estimate.
entropy-per-sample (key 3):: Average entropy contribution per timing sample, calculated as total-entropy-bits / sample-count. Typical human typing contributes 2-4 bits per inter-key interval.
brute-force-probability (key 4):: Probability of successfully guessing the entropy commitment by brute force, calculated as 2^(-total-entropy-bits). For 64 bits of entropy, this is approximately 5.4 x 10^-20.
replay-possible (key 5):: Boolean indicating whether Jitter Seal replay is theoretically possible. This is false when VDF entanglement is properly configured (entropy commitment appears in VDF input).
replay-prevention (key 6, optional):: Human-readable description of replay prevention mechanisms. Typical value: "VDF entanglement with prev-checkpoint binding".

Entropy Bound Verification A Verifier computes and validates the entropy bound as follows:

Aggregate Entropy: Sum estimated-entropy-bits from each checkpoint's jitter-summary. Verify the total matches total-entropy-bits.
Count Samples: Sum sample-count from each jitter-summary. Verify consistency with the claimed sample-count.
Verify Entropy Estimates: If raw-intervals are disclosed, recompute the histogram and Shannon entropy. Verify consistency with the claimed entropy estimate.
Check Replay Prevention: Verify each entropy-commitment appears in the corresponding VDF input. If VDF entanglement is absent, set replay-possible to true.
Compute Brute-Force Probability: Calculate 2^(-total-entropy-bits) and verify it matches the claimed brute-force-probability within floating-point tolerance.

Minimum Entropy Requirements RECOMMENDED minimum entropy thresholds by evidence tier:

Tier	Min Total Entropy	Brute-Force Probability
Basic	32 bits	< 2.3 x 10^-10
Standard	64 bits	< 5.4 x 10^-20
Enhanced	128 bits	< 2.9 x 10^-39

Evidence packets failing to meet minimum entropy thresholds SHOULD be flagged in the security-statement caveats.

Economic Bound The economic-bound translates time and entropy requirements into monetary costs, enabling Relying Parties to assess forgery feasibility in economic terms. tstr, ; cost-model-version 2 => pop-timestamp, ; cost-model-date 3 => cost-estimate, ; compute-cost 4 => cost-estimate, ; time-cost 5 => cost-estimate, ; total-min-cost 6 => cost-estimate, ; cost-per-hour-claimed } cost-estimate = { 1 => float32, ; usd 2 => float32, ; usd-low 3 => float32, ; usd-high 4 => tstr, ; basis } ]]>

Field Definitions

cost-model-version (key 1):

Identifier for the cost model used (e.g., "witnessd-cost-2025Q1"). Cost models are versioned because hardware prices and computational costs change over time.

cost-model-date (key 2):

Timestamp when the cost model was established. Cost estimates should be re-evaluated if the model is more than 12 months old.

compute-cost (key 3):

Cost of computational resources required to recompute the VDF chain. Includes:

Cloud compute instance cost for min-recompute-seconds
Electricity cost for sustained computation
Amortized hardware cost if using dedicated equipment

time-cost (key 4):

Opportunity cost of the wall-clock time required for forgery. An adversary attempting to forge 10-hour evidence cannot use that time for other purposes. This is modeled as the economic value of the adversary's time.

total-min-cost (key 5):

Minimum total cost to forge the evidence, combining compute and time costs. This is the primary metric for cost-benefit analysis.

cost-per-hour-claimed (key 6):

Forgery cost normalized by claimed authoring duration, calculated as total-min-cost / claimed-duration-hours. This metric enables comparison across evidence packets of different lengths.

Cost Estimate Structure Each cost-estimate includes a point estimate and confidence range:

usd (key 1):: Point estimate in US dollars. This is the expected cost under typical assumptions.
usd-low (key 2):: Lower bound of 90% confidence interval. Represents cost assuming adversary has access to discounted resources.
usd-high (key 3):: Upper bound of 90% confidence interval. Represents cost assuming adversary must acquire resources at market rates.
basis (key 4):: Human-readable description of the cost calculation basis (e.g., "AWS c7i.large @ $0.085/hr + $0.10/kWh electricity").

Cost Computation Reference cost computation for compute-cost: Reference cost computation for time-cost: These are reference calculations. Implementations MAY use different cost models appropriate to their deployment context.

Cost Model Depreciation Hardware costs decrease and computational speeds increase over time. Cost estimates depreciate accordingly:

Moore's Law Effect: Compute cost per operation halves approximately every 2 years. A cost model from 2023 overestimates 2025 forgery costs by roughly 2x.
Hardware Acceleration: New hardware (GPUs, ASICs) may provide step-function improvements for specific algorithms. Cost models should be updated when significant new hardware becomes available.
Cloud Pricing: Cloud compute costs generally decrease over time. Cost models should reference current pricing.

Verifiers SHOULD apply a depreciation adjustment when evaluating cost bounds with cost-model-date more than 12 months in the past:

Security Statement The security-statement provides a formal claim about the evidence security, including explicit assumptions and caveats. tstr, ; claim 2 => formal-security-bound, ; formal 3 => [+ tstr], ; assumptions 4 => [* tstr], ; caveats } formal-security-bound = { 1 => float32, ; min-seconds 2 => float32, ; min-entropy-bits 3 => float32, ; min-cost-usd } ]]>

Field Definitions

claim (key 1):

Human-readable security claim. MUST be phrased as a minimum bound, not an absolute guarantee. Example: "Forging this evidence requires at minimum 8.3 hours of sequential computation, 67 bits of entropy prediction, and an estimated $42-$126 in resources."

formal (key 2):

Machine-readable security bounds for automated policy evaluation.

assumptions (key 3):

List of assumptions under which the security claim holds. MUST include at minimum:

Cryptographic assumption (e.g., "SHA-256 preimage resistance")
Hardware assumption (e.g., "Calibration attestation is accurate")
Adversary model (e.g., "Adversary cannot parallelize VDF computation")

caveats (key 4):

List of limitations or warnings about the security claim. Examples:

"Cost estimates based on 2024Q4 cloud pricing"
"Entropy estimate assumes timing samples are independent"
"Does not protect against Attesting Environment compromise"

Formal Security Bound The formal-security-bound provides three orthogonal minimum requirements for forgery:

min-seconds (key 1):: Minimum wall-clock seconds to forge the evidence. Derived from time-bound.min-recompute-seconds.
min-entropy-bits (key 2):: Minimum entropy bits an adversary must predict or generate. Derived from entropy-bound.total-entropy-bits.
min-cost-usd (key 3):: Minimum cost in USD to forge the evidence. Derived from economic-bound_total-min-cost_usd-low (conservative estimate).

Relying Parties can evaluate these bounds against their risk tolerance. For example, a policy might require: = 3600 AND (At least 1 hour) min-entropy-bits >= 64 AND (At least 64 bits) min-cost-usd >= 100 (At least $100) ]]>

Verification Procedure A Verifier computes and validates forgery cost bounds through the following procedure:

Compute Time Bound: Sum VDF iterations across all checkpoints. Retrieve calibration-rate from calibration attestation. Compute min-recompute-seconds = total-iterations / calibration-rate.
Compute Entropy Bound: Aggregate entropy estimates from all Jitter Seals. Verify VDF entanglement for each seal. Compute brute-force probability.
Compute Economic Bound: Apply cost model to time bound. Compute confidence intervals. Normalize by claimed duration.
Construct Security Statement: Generate human-readable claim. Populate formal bounds. List applicable assumptions. Add any relevant caveats.
Validate Claimed Bounds: Compare computed bounds against those claimed in the evidence packet. Flag discrepancies exceeding tolerance.
Apply Depreciation: If cost-model-date is stale, apply depreciation adjustment to economic bounds.

The Verifier MAY recompute bounds using its own cost model rather than accepting the Attester's claimed bounds. Independent recomputation is RECOMMENDED for high-stakes verification.

Security Considerations

Assumed Adversary Capabilities Forgery cost bounds assume an adversary with:

Access to commodity hardware at market prices
Ability to execute VDF algorithms correctly
No ability to parallelize inherently sequential VDFs
No ability to predict behavioral entropy in advance
No compromise of the Attesting Environment during evidence generation

Bounds may not hold against adversaries who:

Have access to specialized hardware (ASICs) at below-market cost
Can compromise the Attesting Environment
Discover novel attacks on VDF or hash function constructions
Have access to quantum computers capable of breaking cryptographic assumptions

Limitations of Cost Bounds Forgery cost bounds provide lower bounds, not guarantees:

Unknown Attacks:: The bounds assume current best-known attacks. Future cryptanalytic advances may reduce actual forgery costs.
Cost Model Accuracy:: Economic estimates depend on cost model assumptions. Actual adversary costs may differ based on resource access.
Entropy Estimation:: Shannon entropy estimates assume independent samples. Correlations in timing data may reduce effective entropy.
Calibration Trust:: Time bounds depend on calibration accuracy. Without hardware attestation, calibration is self-reported and may be manipulated.

What Bounds Do NOT Guarantee Forgery cost bounds explicitly do NOT provide:

Authenticity Proof: Evidence meeting cost thresholds is not proven authentic. It is proven expensive to forge. These are distinct claims.
Content Verification: Bounds say nothing about document content, quality, or accuracy. Only the process evidence is bounded.
Intent Attribution: Bounds do not prove who created the evidence or why. Identity and intent are outside the scope of cost analysis.
Long-Term Security: Bounds depreciate over time. Evidence considered secure today may have insufficient bounds in 10 years.

Policy Guidance for Relying Parties Relying Parties should establish policies based on:

Risk Assessment: What is the cost of accepting forged evidence? High-stakes decisions require higher cost thresholds.
Adversary Economics: Would forgery be economically rational? If forgery costs exceed potential gain, rational adversaries will not attempt it.
Time Sensitivity: How quickly must evidence be verified? Long verification delays may reduce the utility of cost bounds.
Corroborating Evidence: Cost bounds are one factor among many. External anchors, hardware attestation, and contextual information all contribute to overall confidence.

Cross-Document Provenance Links This section defines a mechanism for establishing cryptographic relationships between Evidence packets. Provenance links enable authors to prove that one document evolved from, merged with, or was derived from other documented works.

Motivation Real-world authorship rarely occurs in isolation. Documents evolve through multiple stages:

Research notes become draft papers become published articles
Multiple contributors merge their sections into a collaborative work
A thesis chapter is extracted and expanded into a standalone paper
A codebase is forked, modified, and the changes documented

Without provenance links, each Evidence packet is cryptographically isolated. An author cannot prove that their final manuscript evolved from the lab notes they documented six months earlier. Provenance links provide this capability while maintaining the privacy and security properties of witnessd Evidence.

Provenance Section Structure The provenance section is an optional component of the Evidence packet, identified by integer key 20. When present, it documents the relationship between the current Evidence packet and one or more parent packets. [+ provenance-link], ; parent-links ? 2 => [+ derivation-claim], ; derivation-claims ? 3 => provenance-metadata, ; metadata } ; Link to a parent Evidence packet provenance-link = { 1 => uuid, ; parent-packet-id 2 => hash-value, ; parent-chain-hash 3 => derivation-type, ; how this document relates 4 => pop-timestamp, ; when derivation occurred ? 5 => tstr, ; relationship-description ? 6 => [+ uint], ; inherited-checkpoints ? 7 => cose-signature, ; cross-packet-attestation } ; Type of derivation relationship derivation-type = &( continuation: 1, ; same work, new packet merge: 2, ; from multiple sources split: 3, ; Extracted from larger work rewrite: 4, ; Substantial revision translation: 5, ; Language translation fork: 6, ; independent branch citation-only: 7, ; references only ) ; Claims about what was derived and how derivation-claim = { 1 => derivation-aspect, ; what-derived 2 => derivation-extent, ; extent ? 3 => tstr, ; description ? 4 => float32, ; estimated-percentage } derivation-aspect = &( structure: 1, ; Document organization content: 2, ; Textual content ideas: 3, ; Conceptual elements data: 4, ; Data or results methodology: 5, ; Methods or approach code: 6, ; Source code ) derivation-extent = &( none: 0, ; Not derived minimal: 1, ; Less than 10% partial: 2, ; 10-50% substantial: 3, ; 50-90% complete: 4, ; More than 90% ) ; Optional metadata about provenance provenance-metadata = { ? 1 => tstr, ; provenance-statement ? 2 => bool, ; all-parents-available ? 3 => [+ tstr], ; missing-parent-reasons } ]]>

Verification of Provenance Links Verifiers MUST perform the following checks when provenance links are present:

Parent Chain Hash Verification For each provenance-link, if the parent Evidence packet is available:

Verify that parent-packet-id matches the packet-id field of the parent Evidence packet.
Verify that parent-chain-hash matches the checkpoint-hash of the final checkpoint in the parent Evidence packet.
Verify that the derivation timestamp is not earlier than the created timestamp of the parent packet.

If the parent Evidence packet is not available, the Verifier SHOULD note this limitation in the Attestation Result caveats. The provenance link remains valid but unverified.

Cross-Packet Attestation When cross-packet-attestation is present, it provides cryptographic proof that the author of the current packet had access to the parent packet at the time of derivation: This attestation prevents retroactive provenance claims where an author discovers an existing Evidence packet and falsely claims derivation after the fact.

Privacy Considerations for Provenance Provenance links may reveal information about the author's creative process and document history. Authors SHOULD consider:

Parent packet IDs are disclosed to anyone with access to the child packet.
If parent packets use the author-salted hash mode, the salt MUST be shared for full verification.
Derivation claims may reveal collaboration patterns or research relationships.

Authors MAY choose to omit provenance links for privacy while still maintaining independent Evidence for each document.

Provenance Link Examples

Continuation Example A dissertation written over 18 months with monthly Evidence exports:

Merge Example A collaborative paper merging contributions from three authors:

Incremental Evidence with Continuation Tokens This section defines a mechanism for producing Evidence packets incrementally over extended authoring periods. Continuation tokens allow a single logical authorship effort to be documented across multiple Evidence packets without losing cryptographic continuity.

Motivation Long-form works such as novels, dissertations, or technical books may span months or years of active authorship. Capturing all Evidence in a single packet presents practical challenges:

Unbounded checkpoint chains consume storage and increase verification time.
Authors may need to share partial Evidence before work completion (e.g., chapter submissions, progress reports).
System failures or device changes could result in loss of accumulated Evidence.
Privacy requirements may dictate periodic Evidence export and local data deletion.

Continuation tokens address these challenges by enabling cryptographically-linked Evidence packet chains while preserving independent verifiability of each packet.

Continuation Token Structure The continuation token is an optional component of the Evidence packet, identified by integer key 21. It establishes the packet's position within a multi-packet Evidence series. uuid, ; series-id 2 => uint, ; packet-sequence ? 3 => hash-value, ; prev-packet-chain-hash ? 4 => uuid, ; prev-packet-id 5 => continuation-summary, ; cumulative-summary ? 6 => cose-signature, ; series-binding-signature } ; Cumulative statistics across the series continuation-summary = { 1 => uint, ; total-checkpoints-so-far 2 => uint, ; total-chars-so-far 3 => duration, ; total-vdf-time-so-far 4 => float32, ; total-entropy-bits-so-far 5 => uint, ; packets-in-series ? 6 => pop-timestamp, ; series-started-at ? 7 => duration, ; total-elapsed-time } ]]> Key semantics:

series-id:: A UUID that remains constant across all packets in the series. Generated when the first packet in the series is created.
packet-sequence:: Zero-indexed sequence number. The first packet in a series has packet-sequence = 0.
prev-packet-chain-hash:: The checkpoint-hash of the final checkpoint in the previous packet. MUST be present for packet-sequence > 0. MUST NOT be present for packet-sequence = 0.
prev-packet-id:: The packet-id of the previous packet in the series. SHOULD be present for packet-sequence > 0 to enable packet retrieval.
cumulative-summary:: Running totals across all packets in the series, enabling Verifiers to assess the full authorship effort without accessing all prior packets.

Chain Integrity Across Packets When a new packet continues from a previous packet, the VDF chain MUST maintain cryptographic continuity: This construction ensures:

The new packet cannot be created without knowledge of the previous packet's final VDF output.
Backdating the new packet requires recomputing all VDF proofs in both the current and all subsequent packets.
The series-id and packet-sequence are bound into the VDF chain, preventing packets from being reordered or reassigned to different series.

Verification of Continuation Chains

Single Packet Verification Each packet in a continuation series MUST be independently verifiable. A Verifier with access only to packet N can:

Verify all checkpoint chain integrity within the packet.
Verify all VDF proofs within the packet.
Verify jitter bindings within the packet.
Report the cumulative-summary as claimed (not proven without prior packets).

The Attestation Result SHOULD note that the packet is part of a series and whether prior packets were verified.

Full Series Verification When all packets in a series are available, a Verifier MUST:

Verify each packet independently.
Verify that series-id is consistent across all packets.
Verify that packet-sequence values are consecutive starting from 0.
For each packet N > 0, verify that prev-packet-chain-hash matches the final checkpoint-hash of packet N-1.
For each packet N > 0, verify that the first checkpoint's VDF_input incorporates the previous packet's final VDF_output.
Verify that cumulative-summary values are consistent with the sum of individual packet statistics.

Series Binding Signature The optional series-binding-signature provides cryptographic proof that all packets in a series were produced by the same author: When present, Verifiers can confirm that the signing key is consistent across all packets in the series, providing additional assurance of authorship continuity.

Practical Considerations

When to Export a Continuation Packet Implementations SHOULD support configurable triggers for continuation packet export:

Checkpoint count threshold: Export after N checkpoints (e.g., 1000).
Time interval: Export weekly or monthly.
Document size threshold: Export when document exceeds N characters.
Manual trigger: User-initiated export.
Milestone events: Export at chapter completion or version milestones.

Handling Gaps in Series If a packet in a series is lost or unavailable:

Subsequent packets remain independently verifiable.
The cumulative-summary provides claimed totals but cannot be proven without all packets.
Verifiers MUST note the gap in Attestation Results.
Chain continuity verification fails at the gap but resumes for subsequent contiguous packets.

Continuation Token Example Third monthly export of a dissertation in progress:

Quantified Trust Policies This section defines a framework for expressing and computing trust scores in Attestation Results. Trust policies enable Relying Parties to customize how Evidence is evaluated and to understand the basis for confidence scores.

Motivation The base attestation-result structure provides a confidence-score (0.0-1.0) and a verdict enumeration, but does not explain how these values were computed. Different Relying Parties have different trust requirements:

An academic journal may weight presence challenges heavily.
A legal proceeding may require hardware attestation.
A publishing platform may prioritize VDF duration.
An enterprise may have compliance-specific criteria.

Without explicit trust policies, Relying Parties cannot:

Understand why a particular confidence score was assigned.
Compare scores from different Verifiers.
Customize evaluation criteria for their domain.
Audit the verification process.

The trust policy framework addresses these limitations by making confidence computation transparent and configurable.

Trust Policy Structure The appraisal-policy extension is added to verifier-metadata, identified by integer key 5. tstr, ; verifier-version ? 2 => tstr, ; verifier-uri ? 3 => [+ bstr], ; verifier-cert-chain ? 4 => tstr, ; policy-id ? 5 => appraisal-policy, ; policy details } ; Complete appraisal policy specification appraisal-policy = { 1 => tstr, ; policy-uri 2 => tstr, ; policy-version 3 => trust-computation, ; computation-model 4 => [+ trust-factor], ; factors ? 5 => [+ trust-threshold], ; thresholds ? 6 => policy-metadata, ; metadata } ; How the final score is computed trust-computation = &( weighted-average: 1, ; Sum of (factor * weight) minimum-of-factors: 2, ; Min across all factors geometric-mean: 3, ; Nth root of product custom-formula: 4, ; Described in policy-uri ) ; Individual factor in trust computation trust-factor = { 1 => tstr, ; factor-name 2 => factor-type, ; type 3 => float32, ; weight (0.0-1.0) 4 => float32, ; observed-value 5 => float32, ; normalized-score (0.0-1.0) 6 => float32, ; contribution ? 7 => factor-evidence, ; supporting-evidence } factor-type = &( ; Chain-verifiable factors vdf-duration: 1, checkpoint-count: 2, jitter-entropy: 3, chain-integrity: 4, revision-depth: 5, ; Presence factors presence-rate: 10, presence-response-time: 11, ; Hardware factors hardware-attestation: 20, calibration-attestation: 21, ; Behavioral factors edit-entropy: 30, monotonic-ratio: 31, typing-rate-consistency: 32, ; External factors anchor-confirmation: 40, anchor-count: 41, ; Collaboration factors collaborator-attestations: 50, contribution-consistency: 51, ) ; Evidence supporting a factor score factor-evidence = { ? 1 => float32, ; raw-value ? 2 => float32, ; threshold-value ? 3 => tstr, ; computation-notes ? 4 => [uint, uint], ; checkpoint-range } ; Threshold requirements for pass/fail determination trust-threshold = { 1 => tstr, ; threshold-name 2 => threshold-type, ; type 3 => float32, ; required-value 4 => bool, ; met ? 5 => tstr, ; failure-reason } threshold-type = &( minimum-score: 1, ; Score must be >= value minimum-factor: 2, ; factor >= value required-factor: 3, ; factor present maximum-caveats: 4, ; caveats <= value ) policy-metadata = { ? 1 => tstr, ; policy-name ? 2 => tstr, ; policy-description ? 3 => tstr, ; policy-authority ? 4 => pop-timestamp, ; policy-effective-date ? 5 => [+ tstr], ; applicable-domains } ]]>

Trust Computation Models

Weighted Average Model The most common computation model, where each factor contributes proportionally to its weight:

Minimum-of-Factors Model A conservative model where the overall score is limited by the weakest factor: This model is appropriate when any weakness should disqualify the Evidence, such as forensic or legal contexts.

Geometric Mean Model A balanced model that penalizes outliers more than weighted average but less than minimum:

Factor Normalization Raw factor values must be normalized to the [0.0, 1.0] range for consistent computation. Normalization functions depend on the factor type:

Threshold Normalization = threshold: normalized = 1.0 else: normalized = raw_value / threshold Example: vdf-duration with 3600s threshold raw_value = 2700s normalized = 2700 / 3600 = 0.75 ]]>

Range Normalization

Binary Normalization

Predefined Policy Profiles This specification defines several policy profiles for common use cases. Implementations MAY support these profiles by URI: Predefined Policy Profiles

Profile URI	Description	Key Characteristics
urn:ietf:params:pop:policy:basic	Basic verification	Chain integrity only
urn:ietf:params:pop:policy:academic	Academic submission	Weighted average, presence required
urn:ietf:params:pop:policy:legal	Legal proceedings	Minimum model, hardware required
urn:ietf:params:pop:policy:publishing	Publishing workflow	Weighted average, VDF emphasized

Trust Policy Example Academic policy applied to a Standard tier Evidence packet:

Compact Evidence References This section defines a compact representation of Evidence that can be embedded in metadata fields, QR codes, or other space-constrained contexts. Compact Evidence References provide a cryptographic link to full Evidence packets without requiring the full packet to be transmitted.

Motivation Full Evidence packets can be large (kilobytes to megabytes), making them unsuitable for embedding in:

Document metadata (PDF XMP, EXIF, Office custom properties)
Version control commit messages
QR codes or NFC tags
Social media posts or profile fields
DNS TXT records or other protocol headers

A Compact Evidence Reference provides "proof at a glance" that links to the full Evidence packet for complete verification. The reference is cryptographically bound to the Evidence, preventing tampering without detection.

Compact Reference Structure The Compact Evidence Reference uses a dedicated CBOR tag to distinguish it from full Evidence packets. uuid, ; packet-id 2 => hash-value, ; chain-hash 3 => hash-value, ; document-hash 4 => compact-summary, ; summary 5 => tstr, ; evidence-uri 6 => cose-signature, ; compact-signature ? 7 => compact-metadata, ; metadata } compact-summary = { 1 => uint, ; checkpoint-count 2 => uint, ; total-chars 3 => duration, ; total-vdf-time 4 => uint, ; evidence-tier (1-4) ? 5 => forensic-assessment, ; verdict (if available) ? 6 => float32, ; confidence-score } compact-metadata = { ? 1 => tstr, ; author-name ? 2 => pop-timestamp, ; created ? 3 => tstr, ; verifier-name ? 4 => pop-timestamp, ; verified-at } ]]>

Compact Reference Signature The compact-signature binds all reference fields to prevent tampering: The signature type SHOULD be indicated by the key identifier or by the evidence-uri domain.

Verification of Compact References

Reference-Only Verification Without fetching the full Evidence packet, a verifier can:

Verify the compact-signature is valid.
Identify the signer (author, verifier, or service).
Check that evidence-uri is from a trusted source.
Display the compact-summary to the user.

This provides basic assurance that Evidence exists and was attested by a known party, without full verification.

Full Verification via URI For complete verification:

Fetch the Evidence packet from evidence-uri.
Verify that packet-id matches.
Verify that chain-hash matches the final checkpoint-hash.
Verify that document-hash matches the document-ref content-hash.
Perform full Evidence verification per this specification.
Verify that compact-summary values match the actual Evidence.

Discrepancies between the compact reference and the fetched Evidence MUST cause verification to fail.

Encoding Formats Compact Evidence References may be encoded in several formats depending on the embedding context:

CBOR Encoding The native format is CBOR with the 0x50505021 tag. This is the most compact binary representation, suitable for:

Binary metadata fields
Protocol messages
Database storage

Typical size: 150-250 bytes.

Base64 Encoding For text-only contexts, the CBOR bytes are base64url-encoded: The "pop-ref:" prefix enables detection and parsing. Typical size: 200-350 characters.

URI Encoding A URI scheme for direct linking: Clicking/scanning the URI opens the verification service with the compact reference pre-loaded.

QR Code Encoding For physical media, the URI or base64 encoding can be represented as a QR code:

Version 6 QR (41x41): Sufficient for ~150 byte references
Version 10 QR (57x57): Sufficient for ~300 byte references
Error correction level M recommended for print durability

Embedding Guidelines

PDF Documents

Git Commits

Image Files

Compact Reference Example Encoded size: approximately 220 bytes (CBOR), 295 characters (base64url).

Security Considerations This section consolidates security analysis for the witnessd Proof of Process specification. It references and extends the per-section security considerations defined in , , , , and . The specification adopts a quantified security approach: rather than claiming evidence is "secure" or "insecure" in absolute terms, security is expressed as cost asymmetries and tamper-evidence properties. This framing reflects the fundamental reality that sufficiently resourced adversaries can eventually forge any evidence; the goal is to make forgery economically irrational for most scenarios.

Threat Model The witnessd threat model defines three categories: adversary goals, assumed adversary capabilities, and explicitly out-of-scope adversaries.

Adversary Goals The specification defends against adversaries pursuing the following objectives:

Backdating Evidence:: Creating evidence that claims to document a process occurring earlier than it actually did. This attack is relevant when priority or timeline claims matter (e.g., intellectual property disputes, academic submissions with deadlines).
Fabricating Process:: Creating evidence for a document that was not actually authored through the claimed process. This includes generating evidence for documents created entirely by automated means, or evidence claiming gradual authorship for content that was produced in a single operation (paste, import, generation).
Transplanting Evidence:: Taking legitimate evidence from one authoring session and associating it with a different document. This attack attempts to transfer the credibility of genuine evidence to unrelated content.
Selective Disclosure:: Omitting checkpoints or evidence sections that would reveal unfavorable information (e.g., large paste operations, gaps in activity). This attack attempts to present a misleadingly favorable subset of the actual process.

Assumed Adversary Capabilities The specification assumes adversaries have the following capabilities:

Software Control:: The adversary has full control over software running on their device, including the ability to modify or replace the Attesting Environment. They can intercept, modify, or fabricate any software-generated data.
Commodity Hardware Access:: The adversary can acquire commodity computing hardware at market prices. They may have access to cloud computing resources and can rent substantial computational capacity.
Bounded Compute Resources:: The adversary's computational resources are bounded by economic constraints. They cannot instantaneously compute arbitrarily large numbers of VDF iterations. The time required for sequential computation cannot be circumvented with additional resources.
Algorithm Knowledge:: The adversary has complete knowledge of all algorithms and protocols used by the specification. Security does not depend on obscurity; the specification is public.
Statistical Sophistication:: The adversary can perform statistical analysis and may attempt to generate synthetic behavioral data that passes statistical tests.

Out-of-Scope Adversaries The specification explicitly does NOT defend against:

Nation-State Adversaries with HSM Compromise:: Adversaries capable of extracting keys from hardware security modules (TPM, Secure Enclave) through sophisticated physical attacks, side-channel analysis, or manufacturer compromise. Hardware attestation assumes HSM integrity.
Cryptographic Breakthrough:: Adversaries with access to novel cryptanalytic techniques that break SHA-256 collision resistance, ECDSA signature security, or other standard cryptographic primitives. The specification relies on established cryptographic assumptions.
Quantum Adversaries:: Adversaries with access to fault-tolerant quantum computers capable of executing Shor's algorithm (breaking RSA/ECDSA) or providing significant Grover speedups. Post-quantum considerations are noted in but full quantum resistance is not claimed.
Time Travel:: Adversaries capable of creating evidence at one point in time and presenting it as if created earlier, where external anchors are not available or have been compromised. External timestamp authorities are trusted for absolute time claims.
Coerced Authors:: Adversaries who coerce legitimate authors into producing evidence under duress. The specification documents process, not intent or consent.

The exclusion of these adversaries is not a weakness but a recognition of practical threat modeling. Evidence systems appropriate for defending against nation-state actors would impose costs and constraints unsuitable for general authoring scenarios.

Cryptographic Security The specification relies on established cryptographic primitives with well-understood security properties. This section documents the security assumptions and requirements for each cryptographic component.

Hash Function Security Hash functions are used throughout the specification for content binding, chain construction, entropy commitment, and VDF computation.

Required Properties:

Collision Resistance: It must be computationally infeasible to find two distinct inputs that produce the same hash output. This property ensures that different document states produce different content-hash values.
Preimage Resistance: Given a hash output, it must be computationally infeasible to find any input that produces that output. This property prevents adversaries from constructing documents that match a predetermined hash.
Second Preimage Resistance: Given an input and its hash, it must be computationally infeasible to find a different input with the same hash. This property prevents document substitution attacks.

Algorithm Requirements:

SHA-256 is RECOMMENDED and MUST be supported by all implementations. SHA-3-256 SHOULD be supported for algorithm agility. Hash functions with known weaknesses (MD5, SHA-1) MUST NOT be used.

Security Margin:

SHA-256 provides 128-bit security against collision attacks and 256-bit security against preimage attacks under classical assumptions. Grover's algorithm reduces these to 85-bit and 128-bit respectively under quantum assumptions. This margin is considered adequate for the specification's threat model.

Signature Security Digital signatures are used for checkpoint chain authentication, hardware attestation, calibration binding, and Attestation Result integrity.

COSE Algorithm Requirements:

Implementations MUST support COSE algorithm identifiers:

ES256 (ECDSA with P-256 and SHA-256): MUST support
ES384 (ECDSA with P-384 and SHA-384): SHOULD support
EdDSA (Ed25519): SHOULD support

RSA-based algorithms (PS256, RS256) MAY be supported for compatibility with legacy systems but are not recommended for new implementations due to larger signature sizes and post-quantum vulnerability.

Key Size Requirements:

Minimum key sizes for 128-bit security:

ECDSA: P-256 curve or larger
EdDSA: Ed25519 or Ed448
RSA: 3072 bits or larger

Signature Binding:

Signatures MUST bind to the complete payload being signed. Partial payload signatures (signing a subset of fields) create opportunities for field substitution attacks. The chain-mac field provides additional binding beyond the checkpoint signature.

VDF Security Verifiable Delay Functions provide the temporal security foundation of the specification. VDF security rests on the sequential computation requirement.

Sequential Computation:: The VDF output cannot be computed significantly faster than the specified number of sequential operations. For iterated hash VDFs, this reduces to the assumption that no algorithm computes H^n(x) faster than n sequential hash evaluations. No such algorithm is known for cryptographic hash functions.
Parallelization Resistance:: Additional computational resources (more processors, GPUs, ASICs) cannot reduce the wall-clock time required for VDF computation. The iterated hash construction is inherently sequential: each iteration depends on the previous output. See for detailed analysis.
Verification Soundness:: For iterated hash VDFs, verification is by recomputation. The Verifier executes the same computation and compares results. This provides perfect soundness: a claimed output that differs from the actual computation will always be detected. For succinct VDFs (, ), verification relies on the cryptographic hardness of the underlying problem (RSA group or class group). Soundness is computational rather than perfect.

Key Management Proper key management is essential for maintaining evidence integrity.

Hardware-Bound Keys:

When available, signing keys SHOULD be bound to hardware security modules (TPM, Secure Enclave). Hardware binding provides:

Key non-exportability: Private keys cannot be extracted from the device
Device binding: Evidence can be tied to a specific physical device
Tamper resistance: Key compromise requires physical attack

Session Keys:

The checkpoint-chain-key used for chain-mac computation SHOULD be derived uniquely for each session. Key derivation SHOULD use HKDF (RFC 5869) with domain separation:

Key Rotation:

Device keys SHOULD be rotated periodically (RECOMMENDED: annually) or upon suspected compromise. Evidence packets created with revoked keys SHOULD be flagged during verification.

Attesting Environment Trust The Attesting Environment (AE) is the witnessd-core software running on the author's device. Understanding what the AE is trusted for, and what it is NOT trusted for, is essential for correct interpretation of evidence.

What the AE Is Trusted For The AE is trusted to perform accurate observation and honest reporting of the specific data it captures:

Accurate Timing Measurement:: The AE is trusted to accurately measure inter-keystroke intervals and other timing data. This does not require trusting the content of keystrokes, only the timing between events.
Correct Hash Computation:: The AE is trusted to correctly compute cryptographic hashes of document content. Verification can detect incorrect hashes, but cannot detect if the AE computed a hash of different content than claimed.
VDF Execution:: The AE is trusted to actually execute VDF iterations rather than fabricating outputs. This trust is partially verifiable: VDF outputs can be recomputed, but the claimed timing cannot be independently verified without calibration attestation.
Monitoring Events (for monitoring-dependent claims):: For claims in the monitoring-dependent category (types 16-63), the AE is trusted to have actually observed and reported the events (or non-events) it claims. This trust is documented in the ae-trust-basis field.

What the AE Is NOT Trusted For The specification explicitly does NOT rely on AE trust for the following:

Content Judgment:: The AE makes no claims about document quality, originality, accuracy, or appropriateness. Evidence documents process, not content merit.
Intent Inference:: The AE makes no claims about why the author performed specific actions, what the author was thinking, or whether the author intended to deceive. Evidence documents observable behavior, not mental states.
Authorship Attribution:: The AE makes no claims about who was operating the device. The evidence shows that input events occurred on a device; it does not prove that a specific individual produced those events.
Cognitive Process:: Behavioral patterns consistent with human typing do not prove human cognition. An adversary could theoretically program input patterns that mimic human timing while the content originates elsewhere. The Jitter Seal makes this costly, not impossible.

Hardware Attestation Role Hardware attestation increases AE trust by binding evidence to verified hardware:

(Linux, Windows):: Provides platform integrity measurement (PCRs), key sealing to platform state, and hardware-bound signing keys. TPM attestation proves that the AE was running on a specific device in a specific configuration.
Secure Enclave (macOS, iOS):: Provides hardware-bound key generation and signing operations. Keys generated in the Secure Enclave cannot be exported, binding signatures to the specific device.
Attestation Limitations:: Hardware attestation proves the signing key is hardware-bound; it does not prove the AE software is unmodified. Full AE integrity would require secure boot attestation and runtime integrity measurement, which are platform-specific and not universally available.

Compromised AE Scenarios Understanding the impact of AE compromise is essential for risk assessment:

Modified AE Software:

An adversary running modified AE software can fabricate any monitoring-dependent claims (types 16-63). Chain-verifiable claims (types 1-15) remain bound by VDF computational requirements even with modified software.

Fake Calibration:

Modified software could report artificially slow calibration rates, making subsequent VDF computations appear to take longer than they actually did. This attack is mitigated by:

Hardware-signed calibration attestation (when available)
Plausibility checks based on device class
External anchor cross-validation

Fabricated Jitter Data:

Modified software could generate synthetic timing data that mimics human patterns. The cost of this attack is bounded by:

Real-time generation requirement (VDF entanglement)
Statistical consistency across checkpoints
Entropy threshold requirements

See for quantified bounds on simulation attacks.

Mitigation Summary:

AE compromise cannot reduce the VDF computational requirement or bypass the sequential execution constraint. Compromise enables fabrication of monitoring data but does not eliminate the time cost of forgery. The forgery-cost-section quantifies the minimum resources required even with full software control.

Verification Security The verification process must be secure against both malicious Evidence and malicious Verifiers.

Verifier Independence Evidence verification is designed to be independent of the Attester:

No Shared State:: Verification requires no communication with or data from the Attester beyond the Evidence packet itself. A Verifier with only the .pop file can perform complete verification.
Adversarial Verification:: A skeptical Verifier can appraise Evidence without trusting any claims made by the Attester. All cryptographic proofs are included and can be recomputed independently.
Multiple Independent Verifiers:: Multiple Verifiers appraising the same Evidence should reach consistent results for chain-verifiable claims. Monitoring- dependent claims may receive different confidence assessments based on Verifier policies.

Sampling Strategies for Large Evidence Packets Evidence packets may contain thousands of checkpoints. Full verification of all VDF proofs may be impractical. Verifiers MAY use sampling strategies:

Boundary Verification:: Always verify the first and last checkpoints fully. This confirms the chain endpoints.
Random Sampling:: Randomly select checkpoints for full VDF verification. If any sampled checkpoint fails, reject the entire Evidence. Probability of detecting a single invalid checkpoint with k samples from n checkpoints: 1 - (1 - 1/n)^k.
Chain Linkage Verification:: Verify prev-hash linkage for ALL checkpoints (computationally cheap). This ensures no checkpoints were removed or reordered.
Anchor-Bounded Verification:: If external anchors are present, prioritize verification of checkpoints adjacent to anchors. External timestamps bound the timeline at anchor points.
Sampling Disclosure:: Attestation Results SHOULD disclose the sampling strategy used and the number of checkpoints fully verified. Relying Parties can assess whether the sampling provides adequate confidence for their use case.

External Anchor Verification External anchors (RFC 3161 timestamps, blockchain proofs) provide absolute time binding but introduce additional trust requirements:

Timestamp Authority Trust:

Timestamps per require trust in the Time Stamping Authority (TSA). Verifiers SHOULD use TSAs with published policies and audit records. Multiple TSAs MAY be used for redundancy.

Blockchain Anchor Verification:

Blockchain-based anchors require access to blockchain data (directly or via APIs). Verifiers SHOULD verify:

The transaction containing the anchor is confirmed
Sufficient confirmations for the security level required
The anchor commitment matches the expected checkpoint data

Anchor Freshness:

Anchors prove that Evidence existed at the anchor time; they do not prove Evidence was created at that time. An adversary could create Evidence, wait, then obtain an anchor. This is mitigated by anchor coverage requirements (multiple anchors throughout the session).

Protocol Security This section addresses protocol-level attacks and mitigations, drawing on the per-section security analyses.

Replay Attack Prevention Replay attacks attempt to reuse valid evidence components in invalid contexts. Multiple mechanisms prevent replay:

Nonce Binding:: Session entropy (random 256-bit seed) is incorporated into the genesis checkpoint VDF input. This prevents precomputation of VDF outputs before a session begins.
Chain Binding:: Each checkpoint includes prev-hash, binding it to the specific chain history. Checkpoints cannot be transplanted between chains without invalidating the hash linkage. See for jitter-specific replay prevention.
Sequence Binding:: Checkpoint sequence numbers MUST be strictly monotonic. Duplicate or out-of-order sequence numbers indicate manipulation.
Content Binding:: VDF inputs incorporate content-hash, binding temporal proofs to specific document states. Evidence for one document cannot be transferred to another without VDF recomputation.

Transplant Attack Prevention Transplant attacks attempt to associate legitimate evidence from one context with content from another context:

Content-VDF Binding:: The VDF input includes content-hash: Changing the document content requires recomputing all subsequent VDF proofs.
Jitter-VDF Binding:: The jitter-commitment is entangled with VDF input. Transplanting jitter data from another session is infeasible because it would require the original VDF output (which depends on different content) or recomputing the entire VDF chain with new jitter (which requires capturing new behavioral entropy in real time).
Chain MAC:: The chain-mac field HMAC-binds checkpoints to the session's chain-key: Without the chain-key, an adversary cannot construct valid chain-mac values for transplanted checkpoints.

Backdating Attack Costs Backdating creates evidence claiming a process occurred earlier than it actually did. The cost of backdating is quantified by the VDF recomputation requirement:

VDF Recomputation:: To backdate evidence by inserting or modifying checkpoints at position P, the adversary must recompute all VDF proofs from position P forward. This requires: = sum(iterations[i]) / adversary_vdf_rate for i = P to N ]]> where N is the final checkpoint. Backdating by a significant amount (hours or days) requires proportional wall-clock time.
External Anchor Constraints:: If external anchors exist in the chain, backdating is constrained to the interval between anchors. An adversary cannot backdate before an anchor without also forging the external timestamp.
Cost Quantification:: The forgery-cost-section provides explicit cost bounds for backdating attacks, including compute costs, time costs, and economic estimates.

Omission Attack Prevention Omission attacks selectively remove checkpoints to hide unfavorable evidence:

Sequence Verification:: Checkpoint sequence numbers MUST be consecutive. Missing sequence numbers indicate omission. Verifiers MUST reject chains with non-consecutive sequences.
Hash Chain Integrity:: Removing a checkpoint breaks the hash chain (subsequent checkpoint's prev-hash will not match). Repairing the chain requires recomputing all subsequent checkpoint hashes and VDF proofs.
Completeness Claims:: The checkpoint-chain-complete absence claim (type 6) explicitly asserts that no checkpoints were omitted. This claim is chain-verifiable.

Operational Security Security of the overall system depends on proper operational practices beyond the protocol specification.

Key Lifecycle Management

Key Generation:

Device keys SHOULD be generated within hardware security modules when available. Software-generated keys MUST use cryptographically secure random number generators.

Key Storage:

Private keys SHOULD be stored in platform-appropriate secure storage:

macOS: Secure Enclave or Keychain
Linux: TPM or system keyring
Windows: TPM or DPAPI

Keys MUST NOT be stored in plaintext in the filesystem.

Key Rotation:

Organizations SHOULD establish key rotation policies. RECOMMENDED rotation interval: annually or upon personnel changes. Evidence packets created with revoked keys SHOULD receive reduced confidence scores.

Key Revocation:

Mechanisms for key revocation are outside the scope of this specification but SHOULD be considered for deployment. Certificate revocation lists (CRLs) or OCSP may be appropriate for managed environments.

Evidence Packet Storage and Transmission

Integrity Protection:

Evidence packets are self-protecting through cryptographic binding. Additional encryption is not required for integrity but MAY be applied for confidentiality.

Confidentiality Considerations:

Evidence packets contain document hashes and behavioral data. While content is not included, statistical information about the authoring process is present. Transmission over untrusted networks SHOULD use TLS 1.3 or equivalent.

Archival Storage:

Evidence packets intended for long-term storage SHOULD be:

Stored with redundancy (multiple copies, geographic distribution)
Protected against bit rot (checksums, error-correcting codes)
Associated with necessary verification materials (public keys, anchor confirmations)

Retention Policies:

Organizations SHOULD establish retention policies balancing evidentiary value against privacy considerations. Jitter data has privacy implications; retention beyond the verification period may not be necessary or desirable.

Verifier Policy Considerations

Minimum Requirements:

Verifiers SHOULD establish minimum requirements for acceptable Evidence:

Minimum evidence tier (Basic, Standard, Enhanced, Maximum)
Minimum VDF duration relative to claimed authoring time
Minimum entropy threshold
Required absence claims for specific use cases

Confidence Thresholds:

Verifiers SHOULD define confidence thresholds for acceptance:

Low-stakes: confidence >= 0.3 may be acceptable
Standard: confidence >= 0.5 typical requirement
High-stakes: confidence >= 0.7 recommended
Litigation: confidence >= 0.8 with Maximum tier

Caveat Handling:

Verifiers SHOULD define how caveats affect acceptance decisions. Some caveats may be disqualifying for specific use cases (e.g., "no hardware attestation" may be unacceptable for high-stakes verification).

Limitations and Non-Goals This section explicitly documents what the specification does NOT protect against and what it does NOT claim to achieve.

Attacks Not Protected Against

Collusion:: If the author and a third party collude (e.g., the author provides their device credentials to another person who types while the author is credited), the Evidence will show a legitimate-looking process. The specification documents observable behavior, not identity.
Pre-Prepared Content:: An author could slowly type pre-prepared content, creating Evidence of a gradual process for content that already existed. The specification documents that typing occurred, not that thinking occurred during typing.
External Input Devices:: Input from devices not monitored by the AE (e.g., hardware keystroke injectors, remote desktop from unmonitored machines) may not be distinguishable from local input. Hardware-level input verification is outside scope.
Social Engineering:: Attacks that manipulate Relying Parties into accepting inappropriate Evidence (e.g., convincing a reviewer that weak Evidence is sufficient) are outside scope.

The Honest Author Assumption The specification fundamentally documents PROCESS, not INTENT:

Evidence Shows What Happened:: Evidence shows that input events occurred with specific timing patterns, that VDF computation required certain time, that document states changed in sequence. Evidence does not show why any of this happened.
Process != Cognition:: Evidence that an author typed content gradually does not prove the author thought of that content. The author could have been transcribing, copying from memory, or following dictation.
Behavioral Consistency:: The correct interpretation of Evidence is "behavioral consistency": the observable process was consistent with the claimed process. This is weaker than "authorship proof" but is verifiable and falsifiable.

Content-Agnostic By Design The specification is deliberately content-agnostic:

No Semantic Analysis:: Evidence contains document hashes, not content. The specification makes no claims about what was written, only how it was written.
No Quality Assessment:: Evidence does not indicate whether content is good, original, accurate, or valuable. Strong Evidence can accompany poor content; excellent content can have weak Evidence.
No AI Detection:: The specification explicitly does NOT claim to detect whether content was "written by AI" or "written by a human" in terms of content origin. It documents the observable INPUT process, which is distinct from content generation.
Privacy Benefit:: Content-agnosticism is a privacy feature. Evidence can be verified without accessing the document content, enabling verification of confidential documents.

Comparison to Related Work This section compares the security model of witnessd Proof of Process to related attestation and timestamping systems.

Comparison to Traditional Timestamping Traditional timestamping () proves that a document existed at a point in time. Proof of Process provides additional properties:

Property	RFC 3161	Proof of Process
Existence proof	Yes (point in time)	Yes (continuous)
Process documentation	No	Yes
Behavioral evidence	No	Yes (jitter)
Temporal ordering	No (independent timestamps)	Yes (VDF chain)
Third-party trust	Required (TSA)	Optional (anchors)
Local generation	No (requires TSA interaction)	Yes

Proof of Process is complementary to timestamping. External anchors (including RFC 3161 timestamps) provide absolute time binding that strengthens VDF-based relative ordering.

Comparison to Code Signing Code signing attests to the identity of the signer and integrity of the signed artifact. Proof of Process serves different goals:

Property	Code Signing	Proof of Process
Identity binding	Strong (PKI)	Weak (device-bound)
Artifact integrity	Yes	Yes (hash binding)
Creation process	No	Yes
Temporal properties	Timestamp only	Duration, ordering
Use case	Software distribution	Authoring documentation

Code signing establishes "who signed this"; Proof of Process establishes "how this was created." The two could be combined for comprehensive provenance documentation.

Relationship to RATS Security Model Proof of Process implements an application-specific profile of the RATS architecture . Key security model alignments:

Evidence vs. Attestation Results:: The separation between .pop (Evidence) and .war (Attestation Result) files follows the RATS distinction. Evidence is produced by the Attester; Attestation Results by the Verifier.
Appraisal Policy:: RATS defines Appraisal Policy for Evidence as the Verifier's rules for evaluating Evidence. The absence-claim thresholds and confidence-level requirements serve this role in Proof of Process.
Background Check vs. Passport Model:: Proof of Process supports both RATS models. The "passport model" applies when the author obtains a .war file and presents it to Relying Parties. The "background check model" applies when the Relying Party verifies the .pop file directly or through a trusted Verifier.
Freshness:: RATS freshness mechanisms (nonces, timestamps) align with the session-entropy and external-anchor mechanisms in Proof of Process. VDF proofs provide an additional freshness dimension: evidence of elapsed time.
Endorsements and Reference Values:: Hardware attestation in the hardware-section corresponds to RATS Endorsements. Calibration data serves as Reference Values for VDF timing verification.

For RATS-specific security guidance, implementers should also consult the RATS security considerations in Section 11.

Security Properties Summary This section summarizes the security properties provided by the specification:

Properties Provided

Tamper-Evidence:: Modifications to Evidence packets are detectable through cryptographic verification. The hash chain, VDF entanglement, and MAC bindings ensure that alteration invalidates the Evidence.
Cost-Asymmetric Forgery:: Producing counterfeit Evidence requires resources (time, compute, entropy generation) disproportionate to legitimate Evidence creation. The forgery-cost-section quantifies these requirements.
Independent Verifiability:: Evidence can be verified by any party without access to the original device, without trust in the Attester's infrastructure, and without network connectivity (except for external anchors).
Privacy by Construction:: Document content is never stored in Evidence. Behavioral data is aggregated before inclusion. The specification enforces privacy through structural constraints, not policy.
Temporal Ordering:: VDF chain construction provides unforgeable relative ordering of checkpoints. External anchors provide absolute time binding.
Behavioral Binding:: Jitter Seal entanglement binds captured behavioral entropy to the checkpoint chain, making Evidence transplantation infeasible.

Properties NOT Provided

Tamper-Proof:: Evidence CAN be forged given sufficient resources. The specification makes forgery costly, not impossible.
Identity Proof:: Evidence does NOT prove who operated the device. It proves that input events occurred on a device, not that a specific person produced them.
Intent Proof:: Evidence does NOT prove why actions occurred. Observable behavior is documented; mental states are not.
Content Origin Proof:: Evidence does NOT prove where ideas came from. The input process is documented; the cognitive source is not.
Absolute Certainty:: All security properties are bounded by explicit assumptions. No claim is made to be absolute, irrefutable, or guaranteed.

Privacy Considerations This section consolidates privacy analysis for the witnessd Proof of Process specification. It references and extends the per-section privacy considerations defined in , , and . Privacy is a core design goal of this specification, not an afterthought. The protocol implements privacy-by-construction: structural constraints that make privacy violations architecturally impossible, rather than relying on policy or trust. This approach follows the guidance of (Privacy Considerations for Internet Protocols).

Privacy by Construction The witnessd evidence model enforces privacy through architectural constraints that cannot be circumvented without fundamentally modifying the protocol.

No Document Content Storage Evidence packets contain cryptographic hashes of document states, never the document content itself. This is a structural invariant:

Content Hash Binding: The document-ref structure (CDDL key 5 in evidence-packet) contains only a hash-value of the final document content, the byte-length, and character count. The content itself is never included in the Evidence packet.
Checkpoint Content Hashes: Each checkpoint (key 4: content-hash) contains a hash of the document state at that point. An adversary with the Evidence packet but not the document cannot recover content from these hashes.
Edit Deltas Without Content: The edit-delta structure (key 7 in checkpoint) records chars-added, chars-deleted, insertions, deletions, and replacements as counts only. No information about what characters were added or deleted is included.

This design enables verification of process without revealing what was written, supporting confidential document workflows where the evidence must be verifiable but the content must remain private.

No Keystroke Capture The specification captures inter-event timing intervals without recording which keys were pressed:

Timing-Only Measurement: Jitter-binding captures millisecond intervals between input events. The interval "127ms" carries no information about whether the interval was between 'a' and 'b' or between 'x' and 'y'.
No Character Mapping: Timing intervals are stored in observation order without any association to specific characters, words, or semantic content.
No Keyboard Event Codes: Scan codes, virtual key codes, and other keyboard identifiers are not recorded. The specification treats all input events uniformly as timing sources.

This architecture ensures that even with complete access to an Evidence packet, no information about what was typed can be reconstructed.

No Screenshots or Screen Recording The specification explicitly excludes visual capture mechanisms:

No screenshot capture at checkpoints or any other time
No screen recording or video capture
No window title or application name logging
No clipboard content capture (only timing of clipboard events for monitoring-dependent absence claims, and only event counts, not content)

Visual content capture would fundamentally violate the content-agnostic design and is architecturally excluded.

Local Evidence Generation Evidence is generated entirely on the Attester device with no network dependency:

No Telemetry: The Attesting Environment does not transmit telemetry, analytics, or any behavioral data to external services.
No Cloud Processing: All cryptographic computations (hashing, VDF, signatures) occur locally. No document content or behavioral data is sent to cloud services for processing.
Optional External Anchors: The only network communication is optional: external anchors (RFC 3161, OpenTimestamps, blockchain) transmit only cryptographic hashes, never document content or behavioral data.

Users can generate and verify Evidence in fully air-gapped environments. External anchors enhance evidence strength but are not required.

Data Minimization Following Section 6.1, the specification minimizes data collection to what is strictly necessary for evidence generation and verification.

Data Collected The following data IS collected and included in Evidence packets:

Timing Histograms:: Inter-event timing intervals aggregated into histogram buckets (jitter-summary, key 3 in jitter-binding). Bucket boundaries are coarse (RECOMMENDED: 0, 50, 100, 200, 500, 1000, 2000, 5000ms) to prevent precise interval reconstruction.
Edit Statistics:: Character counts for additions, deletions, and edit operations (edit-delta structure). These are aggregate counts, not positional data.
Checkpoint Hashes:: Cryptographic hashes of document states at each checkpoint. One-way functions; content cannot be recovered.
VDF Proofs:: Verifiable Delay Function outputs proving minimum elapsed time. These are computational proofs, not behavioral data.
Optional: Raw Timing Intervals:: The raw-intervals field (key 5 in jitter-binding) MAY be included for enhanced verification. This is OPTIONAL and user-controlled. When omitted, only histogram aggregates are included.

Data NOT Collected The following data is explicitly NOT collected:

Document content (text, images, formatting)
Individual characters or words typed
Keyboard scan codes or key identifiers
Screenshots or visual captures
Screen recordings or video
Clipboard content (only event timing)
Window titles or application names
User names, email addresses, or identifiers (optional: author declaration is user-controlled)
IP addresses or network identifiers
Location data

Disclosure Levels The specification supports tiered disclosure through optional fields:

Level	Data Included	Privacy Impact
Minimal	Hashes, VDF proofs, histogram summaries only	Lowest
Standard	+ Presence challenges, forensics section	Low-Moderate
Enhanced	+ Raw timing intervals, keystroke section	Moderate
Maximum	+ Hardware attestation, absence claims	Higher

Users SHOULD select the minimum disclosure level that meets their verification requirements. Higher tiers provide stronger evidence at the cost of revealing more behavioral data.

Biometric-Adjacent Data Keystroke timing data, while not traditionally classified as biometric, has biometric-adjacent properties that warrant special consideration. This section addresses regulatory considerations and mitigation measures.

Identification Risks Research has demonstrated that keystroke dynamics can serve as a behavioral biometric:

Individual Identification: Detailed timing patterns can theoretically distinguish individuals with high accuracy across sessions.
State Detection: Timing variations may correlate with cognitive state, fatigue, stress, or physical condition.
Re-identification Risk: If an adversary has access to multiple Evidence packets from the same author, timing patterns might enable linkage across sessions even without explicit identity.

Mitigation Measures The specification implements several measures to reduce biometric-adjacent risks:

Histogram Aggregation:: By default, only histogram-aggregated timing data is included in Evidence packets. The RECOMMENDED bucket width of 50ms minimum significantly reduces the precision available for behavioral fingerprinting.
Bucket Granularity:: The RECOMMENDED bucket boundaries (0, 50, 100, 200, 500, 1000, 2000, 5000ms) capture statistically relevant patterns while preventing reconstruction of precise keystroke sequences. Implementations MAY use coarser buckets for enhanced privacy.
No Character Association:: Timing intervals have no mapping to specific characters. The pattern "fast-slow-fast" reveals rhythm without content.
Session Isolation:: Each Evidence packet is independent. Cross-session linkage requires access to multiple packets. The specification does not provide mechanisms for linking sessions.
Optional Raw Disclosure:: Raw timing intervals (key 5 in jitter-binding) are optional. Users concerned about biometric exposure can ensure this field is not populated.

Regulatory Considerations Implementations and deployments should consider applicable privacy regulations:

GDPR (EU/EEA):: Keystroke dynamics may constitute "special categories of personal data" under Article 9 if used for identification purposes. Implementations should document whether timing data is used for identification (prohibited without explicit consent) or solely for process evidence (may fall under different legal basis).
CCPA (California):: Biometric information is covered under CCPA Section 1798.140(b). Users have rights to know, delete, and opt-out. The local-only processing model simplifies compliance.
BIPA (Illinois):: Illinois Biometric Information Privacy Act has strict requirements for biometric data collection, including written policies and consent. Deployments in Illinois should consult legal counsel.

The specification's local-only processing model and user control over data disclosure support compliance, but legal interpretation varies by jurisdiction.

User Disclosure Requirements Implementations MUST inform users about behavioral data collection:

Clear notification that timing data is captured during authoring
Explanation of what timing data reveals and does not reveal
Disclosure of where Evidence packets may be transmitted
User control over disclosure levels (histogram-only vs. raw)
Instructions for disabling timing capture if desired
Process for reviewing and deleting captured data

These disclosures SHOULD be presented before Evidence generation begins, not buried in terms of service.

Salt Modes for Content Privacy The hash-salt-mode field (CDDL lines 164-168) enables privacy-preserving verification scenarios where document binding should not be globally verifiable.

Unsalted Mode (Value 0) Properties:

Anyone with the document can verify the binding
No additional secret required for verification
Document existence can be confirmed by any party with content

Use cases:

Public documents where verification should be open
Academic submissions where verifiers have document access
Published works where authorship claims should be checkable

Privacy implications: Anyone who obtains both the document and the Evidence packet can confirm the binding. If document confidentiality matters, consider salted modes.

Author-Salted Mode (Value 1) Properties:

Author generates and retains the salt
Evidence packet contains salt-commitment, not salt
Author selectively reveals salt to chosen verifiers
Without salt, document-hash relationship cannot be verified

Use cases:

Confidential documents where author controls verification
Selective disclosure to specific reviewers or institutions
Manuscripts under review before publication

Privacy implications: The author has exclusive control over who can verify the document binding. The salt should be stored securely; loss of salt means verification becomes impossible.

Third-Party Escrowed Mode (Value 2) Properties:

Salt is held by a trusted escrow service
Escrow releases salt under predefined conditions
Author cannot unilaterally control verification
Verification requires escrow cooperation

Use cases:

Legal submissions where court order triggers verification
Dispute resolution with neutral third-party control
Time-delayed disclosure (escrow releases at future date)
Contractual conditions for verification access

Privacy implications: Verification access is determined by escrow policy, not author discretion. Authors should understand escrow release conditions before selecting this mode.

Salt Security Considerations For salted modes:

Salts MUST be cryptographically random (minimum 256 bits)
Salts MUST NOT be derived from predictable values
Salt-commitment prevents brute-force guessing for short documents
Salt loss makes verification impossible; backup appropriately
Salt transmission should use secure channels

Identity and Pseudonymity The specification supports multiple identity postures, from fully anonymous to strongly identified, with user control over disclosure.

Anonymous Evidence Generation Evidence packets CAN be generated without any identity disclosure:

The declaration field (key 17 in evidence-packet) is OPTIONAL
Within declaration, author-name (key 3) and author-id (key 4) are both OPTIONAL
Device keys can be ephemeral, not linked to identity
Evidence proves process characteristics without revealing who

Anonymous evidence is suitable for contexts where process documentation matters but author identity is irrelevant or should remain confidential.

Pseudonymous Evidence Pseudonymous use links evidence to a consistent identifier without revealing real-world identity:

author-id can be a pseudonymous identifier
Device key provides cryptographic continuity without identity
Multiple works can be linked to same pseudonym if desired
Real identity can remain undisclosed

Pseudonymous evidence enables reputation building without identity exposure.

Identified Evidence For contexts requiring identity binding:

author-name and author-id can be populated with real identity
Declaration signature (key 6) binds identity claim to evidence
Hardware attestation can strengthen device-to-person binding
External identity verification is outside specification scope

Identity strength depends on the verification context, not the specification. The specification provides the mechanism for identity claims; verification of those claims is a deployment concern.

Device Binding Without User Identification Hardware attestation (hardware-section) binds evidence to a specific device without necessarily identifying the user:

Device keys are bound to hardware (TPM, Secure Enclave)
Evidence proves generation on a specific device
Device ownership is a separate question from evidence generation
Multiple users of same device produce device-linked evidence

Device binding strengthens evidence integrity without requiring user identification. It proves "this device" without proving "this person."

Data Retention and Deletion Following Section 6.2, this section addresses data lifecycle considerations.

Evidence Packet Lifecycle Evidence packets are designed as archival artifacts:

Creation:: Evidence accumulates during authoring session(s). Packet is finalized when authoring is complete.
Distribution:: Packet may be transmitted to Verifiers, stored alongside documents, or archived for future verification needs.
Retention:: Retention period depends on use case. Legal documents may require indefinite retention; other contexts may allow shorter periods.
Deletion:: Once distributed, deletion from all recipients may be impractical. Authors should consider disclosure scope before distribution.

User Rights to Deletion Users have the following deletion capabilities:

Local Data: Evidence stored locally can be deleted at any time by the author. Implementations SHOULD provide clear deletion mechanisms.
Distributed Evidence: Once Evidence is transmitted to Verifiers or Relying Parties, deletion depends on those parties' policies. The specification cannot enforce deletion of distributed data.
Attestation Results: .war files produced by Verifiers are controlled by Verifiers. Authors may request deletion under applicable privacy laws.

Authors should understand that distributing Evidence creates copies outside their control. Privacy-sensitive authors should limit distribution scope.

External Anchor Permanence External anchors have special retention characteristics:

RFC 3161 Timestamps:: TSA records may be retained by the timestamp authority per their policies. Typically includes the hash committed, not any document or behavioral data.
Blockchain Anchors:: Blockchain records are permanent and immutable by design. The anchored hash cannot be deleted from the blockchain. This is a feature for evidence permanence but has privacy implications.
OpenTimestamps:: OTS proofs reference Bitcoin transactions, which are permanent. The proof structure can be deleted locally, but the Bitcoin transaction remains.

Users concerned about data permanence should carefully consider whether to use blockchain-based external anchors. RFC 3161 timestamps offer similar evidentiary value with more conventional retention policies. IMPORTANT: Only cryptographic hashes are anchored, never document content or behavioral data. The permanent record is a hash, not the underlying information.

Third-Party Disclosure This section addresses what information is disclosed to various parties in the verification workflow, following Section 5.2 on disclosure.

Information Disclosed to Verifiers When an Evidence packet (.pop) is submitted for verification, the Verifier learns:

Document hash (content-hash) - NOT the content itself
Document size (byte-length, char-count)
Authoring timeline (checkpoint timestamps, VDF durations)
Behavioral statistics (timing histograms, entropy estimates)
Edit patterns (aggregate counts, not content)
Optional: Raw timing intervals if disclosed
Optional: Author identity if declared
Optional: Device attestation if included

Verifiers SHOULD NOT:

Retain Evidence packets beyond verification needs
Use behavioral data for purposes beyond verification
Attempt to re-identify anonymous authors from behavioral patterns
Share Evidence data with unauthorized parties

Implementations MAY define Verifier privacy policies that authors can review before submitting Evidence.

Information Disclosed to Relying Parties Relying Parties consuming Attestation Results (.war) learn:

Verification verdict (forensic-assessment)
Confidence score
Verified claims (specific thresholds met)
Caveats and limitations
Verifier identity
Reference to the original Evidence packet (packet-id)

The .war file is designed to provide necessary trust information without full Evidence disclosure. Relying Parties needing more detail can request the original .pop file.

Minimizing Disclosure Authors concerned about disclosure can:

Use minimal disclosure tier (histogram-only, no raw intervals)
Omit optional sections (keystroke-section, absence-section)
Use author-salted mode to control verification access
Omit declaration or use pseudonymous identity
Select Verifiers with strong privacy policies
Limit distribution to necessary Relying Parties

Cross-Session Correlation This section addresses risks of behavioral fingerprinting across sessions and mitigation measures.

Correlation Risks Multiple Evidence packets from the same author may enable linkage:

Behavioral Fingerprinting:: Keystroke timing patterns exhibit individual characteristics that persist across sessions. An adversary with multiple Evidence packets could potentially link them to the same author even without explicit identity.
Device Fingerprinting:: If device keys are reused across sessions, Evidence packets are cryptographically linkable. Hardware attestation makes this linkage explicit.
Stylometric Correlation:: Edit pattern statistics (though not content) may correlate with writing style. Combined with timing data, this could strengthen cross-session linkage.

Device Key Rotation To limit cross-session correlation via device keys:

Session Keys: Use per-session derived keys rather than a single device key. HKDF with session-specific info prevents direct linkage.
Periodic Rotation: Rotate device keys periodically (RECOMMENDED: annually). Evidence packets signed with different keys are not cryptographically linked.
Context-Specific Keys: Use different keys for different contexts (e.g., work vs. personal) to prevent cross-context linkage.

Session Isolation Properties The specification provides inherent session isolation:

Each Evidence packet has a unique packet-id (UUID)
VDF chains are session-specific (session entropy in genesis)
No protocol mechanism links sessions together
Jitter data is bound to specific checkpoint chains

Cross-session linkage requires external analysis, not protocol features. The specification does not provide linkage mechanisms.

Additional Mitigations Authors concerned about cross-session correlation can:

Use coarser histogram buckets to reduce timing precision
Omit raw-intervals field
Vary devices for different document contexts
Use different pseudonyms for different contexts
Limit Evidence distribution to minimize adversary access to multiple packets

Privacy Threat Analysis Following Section 5, this section analyzes specific privacy threats.

Surveillance The specification is designed to resist surveillance:

No content transmission prevents content-based surveillance
Local-only processing prevents network monitoring
Optional external anchors transmit only hashes
No telemetry or analytics collection

The primary surveillance risk is through Evidence packet distribution. Authors control this distribution.

Stored Data Compromise If Evidence packets are compromised:

Document content is NOT exposed (hash-only)
Behavioral patterns MAY be exposed (timing data)
Authoring timeline is exposed (timestamps)
If identity declared, author identity is exposed

Mitigation: Encrypt Evidence packets at rest. Use access controls for stored Evidence. Limit retention period where appropriate.

Correlation Correlation threats are addressed in . Key mitigations include key rotation, histogram aggregation, and distribution limiting.

Identification Re-identification threats:

Anonymous Evidence MAY be re-identifiable through behavioral patterns
Histogram aggregation significantly reduces this risk
Raw interval disclosure increases re-identification risk
Device attestation explicitly identifies devices

Authors requiring strong anonymity should use minimal disclosure tier without raw intervals and without device attestation.

Secondary Use Evidence data could theoretically be used for purposes beyond verification:

Behavioral analysis for profiling
Productivity monitoring
Training data for machine learning

Mitigation: The specification does not prevent secondary use by data recipients. Authors should consider Verifier and Relying Party policies before disclosure. Implementations MAY include usage restrictions in Evidence packet metadata.

Disclosure Unauthorized disclosure of Evidence packets:

Authors control initial distribution
Recipients may further distribute; specification cannot prevent
Salted modes limit utility of leaked Evidence
Anonymous Evidence limits identity exposure on leak

Authors should treat Evidence packets as potentially sensitive and limit distribution to trusted parties.

Exclusion The risk that authors cannot participate in systems if they decline Evidence generation:

Evidence generation is voluntary
Disclosure levels are user-controlled
Relying Parties may require Evidence for certain contexts
The specification does not mandate deployment contexts

Deployments should consider whether Evidence requirements create exclusionary effects and provide alternatives where appropriate.

Privacy Properties Summary This section summarizes the privacy properties provided and not provided by the specification.

Privacy Properties Provided

Content Confidentiality:: Document content is never stored in Evidence. Verification can occur without content access (using salted modes).
Keystroke Privacy:: Individual keystrokes are never recorded. Only timing intervals between events are captured, without character association.
Local Control:: All data processing occurs locally. No external services required for Evidence generation.
Disclosure Control:: Authors control Evidence distribution, disclosure level, and identity exposure.
Pseudonymity Support:: Evidence can be generated and verified without real-world identity disclosure.
Selective Verification:: Salted modes enable author-controlled verification access.

Privacy Limitations

Behavioral Data Exposure:: Timing data reveals behavioral patterns. While aggregated, this data has biometric-adjacent properties.
Distribution Not Controlled:: Once Evidence is distributed, the specification cannot control further dissemination or use.
Cross-Session Linkage Risk:: Multiple Evidence packets may be linkable through behavioral analysis, even with different identities.
External Anchor Permanence:: Blockchain anchors create permanent records that cannot be deleted.
Metadata Disclosure:: Evidence packets reveal document size, authoring timeline, and edit statistics even without content.

Recommendations for Privacy-Sensitive Deployments

Use minimal disclosure tier (histogram-only, no raw intervals)
Consider coarser histogram buckets for enhanced privacy
Use author-salted mode for confidential documents
Avoid blockchain anchors if deletion rights are important
Rotate device keys periodically
Limit Evidence distribution to necessary parties
Review Verifier privacy policies before submission
Consider pseudonymous identities where appropriate
Provide clear user disclosures about data collection
Implement data retention policies aligned with use case

IANA Considerations This document requests several IANA registrations to support interoperable implementations of the witnessd Proof of Process specification. The author has submitted an application for a Private Enterprise Number (PEN) assignment under the WritersLogic organization to support vendor-specific registrations.

CBOR Tags Registry This document requests the allocation of three dedicated 4-byte CBOR tags in the "CBOR Tags" registry . These tags form a coordinated suite of identifiers for the Proof of Process protocol. CBOR Tags Summary

Tag	Hex	ASCII	Data Item	Semantics
1347571280	0x50505020	"PPP "	map	Proof of Process Evidence Packet
1463894560	0x57415220	"WAR "	map	Writers Authenticity Report (Attestation Result)
1347571281	0x50505021	"PPP!"	map	Compact Evidence Reference

Tag for Proof of Process Packet (0x50505020) The tag value 1347571280 (hexadecimal 0x50505020) corresponds to the ASCII encoding of "PPP " and serves as a self-describing "Proof of Process Packet" identifier. This tag encapsulates a cryptographically anchored data structure used for digital authorship attestation. Unlike identity-only signatures, the Proof of Process format captures the authorship process through entangled Verifiable Delay Functions (VDFs) and human behavioral biometrics. A dedicated tag is required to enable zero-configuration identification and interoperability between authorship verification tools, academic repositories, and literary publishing platforms, providing a verifiable "forgery cost" to distinguish human-authored work from synthetic content. The tagged data item is a CBOR map conforming to the evidence-packet structure defined in .

Tag for Writers Authenticity Report (0x57415220) The tag value 1463894560 (hexadecimal 0x57415220) corresponds to the ASCII encoding of "WAR " and identifies Writers Authenticity Report structures. This tag encapsulates an Attestation Result produced by Verifiers after appraising Proof of Process Evidence Packets. The WAR format conveys verification verdicts, confidence scores, and forensic assessments following the IETF RATS (Remote ATtestation procedureS) architecture. A dedicated tag enables zero-configuration identification of attestation results, allowing Relying Parties to distinguish verification outcomes from raw evidence without content-type negotiation. The tagged data item is a CBOR map conforming to the attestation-result structure defined in .

Tag for Compact Evidence Reference (0x50505021) The tag value 1347571281 (hexadecimal 0x50505021) corresponds to the ASCII encoding of "PPP!" and identifies Compact Evidence Reference structures. This tag encapsulates a cryptographic pointer to a full Proof of Process Evidence Packet. Compact Evidence References are designed for embedding in space-constrained contexts such as document metadata (PDF XMP, EXIF), QR codes, NFC tags, git commit messages, and protocol headers. The compact reference contains the packet-id, chain-hash, document-hash, and a summary with a cryptographic signature binding all fields. A dedicated tag enables zero-configuration detection and verification of authorship claims without transmitting full evidence packets. The tagged data item is a CBOR map conforming to the compact-evidence-ref structure defined in .

Justification for Dedicated Tags The four-byte tag values were chosen for the following reasons:

Self-describing format: The ASCII-based mnemonics ("PPP ", "WAR ", "PPP!") enable immediate visual identification in hex dumps and debugging contexts.
Zero-configuration detection: Applications can identify Proof of Process data without prior context or content-type negotiation.
Interoperability: Standardized tags enable diverse implementations (academic systems, publishing platforms, verification services) to recognize and process data without coordination.
Compact encoding: Despite being 4-byte tags, CBOR's efficient encoding minimizes overhead for these application-specific semantic markers.

Entity Attestation Token Profiles Registry This document requests registration of an EAT profile in the "Entity Attestation Token Profiles" registry established by . EAT Profile Registration

Profile URI	Description	Reference
https://example.com/rats/eat/profile/pop/1.0	witnessd Proof of Process Evidence Profile	[this document]

Note: The URI https://example.com/rats/eat/profile/pop/1.0 is provisional during individual submission. Upon working group adoption, registration of an IANA-hosted profile URI will be requested (e.g., urn:ietf:params:rats:eat:profile:pop:1.0). The profile defines the following characteristics:

Profile Version:: 1.0
Applicable Claims:: All standard EAT claims per , plus the custom claims defined in .
Evidence Format:: CBOR-encoded evidence-packet structure with semantic tag 1347571280.
Attestation Result Format:: CBOR-encoded attestation-result structure with semantic tag 1463894560.
Domain:: Document authorship process attestation, behavioral evidence for content provenance.

CBOR Web Token Claims Registry This document requests registration of custom claims in the "CBOR Web Token (CWT) Claims" registry . These claims are used within EAT Attestation Results to convey witnessd-specific assessment data. Initial registration is requested in the private-use range (-70000 to -70010) to enable early implementation. Upon standards track advancement, permanent positive claim keys will be requested. Custom CWT Claims Registration

Claim Name	Claim Key	Claim Value Type	Claim Description	Reference
pop-forensic-assessment	-70000	unsigned integer	Forensic assessment enumeration value (0-5) indicating the Verifier's assessment of behavioral evidence consistency with human authorship patterns.	[this document]
pop-presence-score	-70001	float32	Presence challenge response score in range [0.0, 1.0] representing the ratio of successfully completed human presence challenges.	[this document]
pop-evidence-tier	-70002	unsigned integer	Evidence tier classification (1-4) indicating the comprehensiveness of evidence collected: 1=Basic, 2=Standard, 3=Enhanced, 4=Maximum.	[this document]
pop-ai-composite-score	-70003	float32	AI indicator composite score in range [0.0, 1.0] derived from behavioral forensic analysis. Lower values indicate patterns more consistent with human authorship.	[this document]

The forensic-assessment enumeration values for pop-forensic-assessment are defined as: Forensic Assessment Enumeration Values

Value	Name	Description
0	not-assessed	Verification incomplete or not attempted
1	strongly-human	Evidence strongly indicates human authorship patterns
2	likely-human	Evidence consistent with human authorship patterns
3	inconclusive	Evidence neither confirms nor refutes claims
4	likely-ai-assisted	Evidence suggests AI assistance in authorship
5	strongly-ai-generated	Evidence strongly indicates AI generation

New Registries This document requests IANA to create three new registries under a new "witnessd Proof of Process" registry group.

Proof of Process Claim Types Registry This document requests creation of the "Proof of Process Claim Types" registry. This registry contains the identifiers for absence claims that can be asserted and verified in Evidence packets.

Registration Procedures The registration procedures for this registry depend on the claim type range: Claim Types Registration Procedures

Range	Category	Registration Procedure
1-15	Chain-verifiable claims	Specification Required
16-63	Monitoring-dependent claims	Specification Required
64-127	Environmental claims	Expert Review
128-255	Private use	First Come First Served

Chain-verifiable claims (1-15) are claims that can be proven solely from the Evidence packet without trusting the Attesting Environment beyond data integrity. These claims require a published specification demonstrating verifiability. Monitoring-dependent claims (16-63) require trust in the Attesting Environment's accurate reporting of monitored events. Specifications MUST document the trust assumptions. Environmental claims (64-127) relate to the execution environment or external conditions. Expert review ensures claims are well-defined and implementable. Private use claims (128-255) are available for implementation-specific extensions without coordination.

Registration Template Registrations MUST include the following fields:

Claim Type Value:: Integer identifier in the appropriate range
Claim Name:: Human-readable name (lowercase with hyphens)
Category:: One of: chain-verifiable, monitoring-dependent, environmental, or private-use
Description:: Brief description of what the claim asserts
Verification Method:: How the claim is verified (for non-private-use claims)
Reference:: Document defining the claim

Initial Registry Contents The initial contents of the "Proof of Process Claim Types" registry are as follows:

Chain-Verifiable Claims (1-15) Chain-Verifiable Claim Types

Value	Name	Description	Reference
1	max-single-delta-chars	Maximum characters added in any single checkpoint delta	[this document]
2	max-single-delta-bytes	Maximum bytes added in any single checkpoint delta	[this document]
3	max-net-delta-chars	Maximum net character change across the entire chain	[this document]
4	min-vdf-duration-seconds	Minimum total VDF-proven elapsed time in seconds	[this document]
5	min-vdf-duration-per-kchar	Minimum VDF-proven time per thousand characters	[this document]
6	checkpoint-chain-complete	Checkpoint chain has no gaps (all sequence numbers present)	[this document]
7	checkpoint-chain-consistent	All checkpoint hashes and VDF linkages verify correctly	[this document]
8	jitter-entropy-above-threshold	Captured jitter entropy exceeds specified bits threshold	[this document]
9	jitter-samples-above-count	Number of jitter samples exceeds specified count	[this document]
10	revision-points-above-count	Number of revision points (non-monotonic edits) exceeds threshold	[this document]
11	session-count-above-threshold	Number of distinct editing sessions exceeds threshold	[this document]
12-15	Unassigned	Reserved for future chain-verifiable claims	[this document]

Monitoring-Dependent Claims (16-63) Monitoring-Dependent Claim Types

Value	Name	Description	Reference
16	max-paste-event-chars	Maximum characters in any single paste event	[this document]
17	max-clipboard-access-chars	Maximum total characters accessed from clipboard	[this document]
18	no-paste-from-ai-tool	No paste operations from known AI tool applications	[this document]
19	Unassigned	Reserved	[this document]
20	max-insertion-rate-wpm	Maximum sustained insertion rate in words per minute	[this document]
21	no-automated-input-pattern	No detected automated or scripted input patterns	[this document]
22	no-macro-replay-detected	No keyboard macro replay patterns detected	[this document]
23-31	Unassigned	Reserved for input-related claims	[this document]
32	no-file-import-above-bytes	No file imports exceeding specified byte threshold	[this document]
33	no-external-file-open	No external files opened during editing session	[this document]
34-39	Unassigned	Reserved for file-related claims	[this document]
40	no-concurrent-ai-tool	No known AI tool application running concurrently	[this document]
41	no-llm-api-traffic	No detected network traffic to known LLM API endpoints	[this document]
42-47	Unassigned	Reserved for AI-detection claims	[this document]
48	max-idle-gap-seconds	Maximum idle gap within session does not exceed threshold	[this document]
49	active-time-above-threshold	Total active editing time exceeds specified threshold	[this document]
50-63	Unassigned	Reserved for timing-related claims	[this document]

Proof of Process VDF Algorithms Registry This document requests creation of the "Proof of Process VDF Algorithms" registry. This registry contains identifiers for Verifiable Delay Function algorithms used in Evidence packets.

Registration Procedures VDF Algorithms Registration Procedures

Range	Category	Registration Procedure
1-15	Iterated hash VDFs	Standards Action
16-31	Succinct VDFs	Standards Action
32-63	Experimental	Expert Review

Iterated hash VDFs (1-15) are algorithms where verification requires recomputation. Standards Action ensures thorough security analysis. Succinct VDFs (16-31) are algorithms with efficient verification (e.g., , ). Standards Action ensures cryptographic soundness. Experimental algorithms (32-63) may be registered with Expert Review for research and interoperability testing. Production use requires promotion to Standards Action ranges.

Registration Template Registrations MUST include the following fields:

Algorithm Value:: Integer identifier in the appropriate range
Algorithm Name:: Human-readable name
Category:: One of: iterated-hash, succinct, or experimental
Parameters:: Required CDDL structure for algorithm parameters
Verification Complexity:: Asymptotic verification complexity
Security Assumptions:: Cryptographic assumptions for security
Reference:: Document specifying the algorithm

Initial Registry Contents VDF Algorithms Initial Values

Value	Name	Category	Verification	Reference
1	iterated-sha256	iterated-hash	O(n)	[this document]
2	iterated-sha3-256	iterated-hash	O(n)	[this document]
3-15	Unassigned	iterated-hash	-	[this document]
16	pietrzak-rsa2048	succinct	O(log n)	[this document]
17	wesolowski-rsa2048	succinct	O(1)	[this document]
18	pietrzak-class-group	succinct	O(log n)	[this document]
19	wesolowski-class-group	succinct	O(1)	[this document]
20-31	Unassigned	succinct	-	[this document]
32-63	Unassigned	experimental	-	[this document]

The iterated hash algorithms use the iterated-hash-params CDDL structure (keys 1-2). The succinct algorithms use the succinct-vdf-params CDDL structure (keys 10-11). See for detailed specifications.

Proof of Process Entropy Sources Registry This document requests creation of the "Proof of Process Entropy Sources" registry. This registry contains identifiers for behavioral entropy sources used in Jitter Seal bindings.

Registration Procedures The registration procedure for this registry is Specification Required. Registrations MUST include a specification describing:

The input modality or behavioral signal being captured
The method for converting the signal to timing intervals
Privacy implications of capturing this entropy source
Expected entropy density (bits per sample) under typical conditions

Registration Template Registrations MUST include the following fields:

Source Value:: Integer identifier
Source Name:: Human-readable name (lowercase with hyphens)
Description:: Brief description of the entropy source
Privacy Impact:: One of: minimal, low, moderate, high
Reference:: Document specifying the entropy source

Initial Registry Contents Entropy Sources Initial Values

Value	Name	Description	Privacy Impact	Reference
1	keystroke-timing	Inter-key intervals from keyboard input	moderate	[this document]
2	pause-patterns	Gaps between editing bursts (>2 seconds)	low	[this document]
3	edit-cadence	Rhythm of insertions/deletions over time	low	[this document]
4	cursor-movement	Navigation timing within document	low	[this document]
5	scroll-behavior	Document scrolling patterns	minimal	[this document]
6	focus-changes	Application focus gain/loss events	low	[this document]

Media Types Registry This document requests registration of two media types in the "Media Types" registry .

application/vnd.example-pop+cbor Media Type

Type name:

application

Subtype name:

vnd.example-pop+cbor

Required parameters:

N/A

Optional parameters:

N/A

Encoding considerations:

binary. As a CBOR format, it contains NUL octets and non-line-oriented data.

Security considerations:

This media type contains cryptographically anchored evidence of authorship process. It does not contain active or executable content. Integrity is ensured via a HMAC-SHA256 checkpoint chain and Verifiable Delay Functions (VDFs). Privacy is maintained through author-controlled salting of content hashes as defined in . Security considerations of CBOR apply. See also of this document.

Interoperability considerations:

While the +cbor suffix allows generic parsing, full semantic validation and behavioral forensic analysis require a witnessd-compatible processor as defined in this specification. The content is a CBOR-encoded evidence-packet structure with semantic tag 1347571280.

Published specification:

[this document]

Applications that use this media type:

Generation of digital authorship evidence by the witnessd suite and WritersLogic integrated editors. Verification services, document provenance systems, academic integrity platforms.

Fragment identifier considerations:

N/A

Additional information:

Deprecated alias names for this type:: N/A
Magic number(s):: 0xD950505020 (CBOR tag encoding at offset 0)
File extension(s):: .pop
Macintosh file type code(s):: N/A

Person and email address to contact for further information:

David Condrey <david@writerslogic.com>

Intended usage:

COMMON

Restrictions on usage:

N/A

Author:

David Condrey

Change controller:

WritersLogic Inc.

Provisional registration:

application/vnd.example-war+cbor Media Type

Type name:

application

Subtype name:

vnd.example-war+cbor

Required parameters:

N/A

Optional parameters:

N/A

Encoding considerations:

binary. As a CBOR-encoded format, it contains NUL octets and non-line-oriented data.

Security considerations:

This media type conveys the final appraisal result (verdict) of an authorship attestation. (1) It does not contain active or executable content. (2) Integrity and authenticity are provided via a COSE signature that MUST be verified against the Verifier's public key. (3) The information identifies a specific document by its content hash; privacy is managed through the hash-salting protocols defined in . (4) The security considerations for CBOR and COSE apply. Users are cautioned not to rely on unsigned or unverified .war files for high-stakes authenticity claims. See also of this document.

Interoperability considerations:

The +cbor suffix allows generic CBOR tools to identify the underlying encoding. This format is a specific profile of the RATS Attestation Result and references a Proof of Process (.pop) evidence packet by UUID as defined in this specification. The content is a CBOR-encoded attestation-result structure with semantic tag 1463894560.

Published specification:

[this document]

Applications that use this media type:

Verification and display of authorship scores by publishers, academic repositories, literary journals, and the WritersLogic verification suite.

Fragment identifier considerations:

N/A

Additional information:

Deprecated alias names for this type:: N/A
Magic number(s):: 0xD957415220 (CBOR tag encoding at offset 0)
File extension(s):: .war
Macintosh file type code(s):: N/A

Person and email address to contact for further information:

David Condrey <david@writerslogic.com>

Intended usage:

COMMON

Restrictions on usage:

N/A

Author:

David Condrey

Change controller:

WritersLogic Inc.

Provisional registration:

Designated Expert Instructions The designated experts for the registries created by this document should apply the following criteria when evaluating registration requests:

Proof of Process Claim Types Registry For claim types requiring Specification Required:

The specification MUST clearly define what the claim asserts
For chain-verifiable claims, the specification MUST demonstrate that the claim can be verified solely from the Evidence packet
For monitoring-dependent claims, the specification MUST document the Attesting Environment trust assumptions
The claim name SHOULD be descriptive and follow existing naming conventions

For environmental claims requiring Expert Review:

The specification SHOULD describe implementation considerations
The claim SHOULD NOT duplicate existing claims
Privacy implications SHOULD be documented

Proof of Process VDF Algorithms Registry For experimental algorithms requiring Expert Review:

The algorithm MUST be documented with sufficient detail for independent implementation
Security analysis SHOULD be provided, even if preliminary
The algorithm SHOULD NOT be a minor variant of an existing registered algorithm
Implementation availability is encouraged but not required

Proof of Process Entropy Sources Registry For entropy sources requiring Specification Required:

The specification MUST describe how timing intervals are derived from the entropy source
Expected entropy density under typical conditions SHOULD be documented
Privacy implications MUST be clearly stated
The entropy source SHOULD provide meaningful behavioral signal that cannot be trivially simulated

References Normative References Key words for use in RFCs to Indicate Requirement Levels Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures Concise Binary Object Representation (CBOR) CBOR Object Signing and Encryption (COSE): Structures and Process Remote ATtestation procedureS (RATS) Architecture The Entity Attestation Token (EAT) CBOR Tags IANA Media Types IANA CBOR Object Signing and Encryption (COSE) IANA CBOR Web Token (CWT) Claims IANA Informative References Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) Privacy Considerations for Internet Protocols Universally Unique IDentifiers (UUIDs) Attestation Results for Secure Interactions RATS Epoch Markers EAT Attestation Results Simple Verifiable Delay Functions Efficient Verifiable Delay Functions Merkle Mountain Ranges TPM 2.0 Library Specification Trusted Computing Group

Acknowledgments The authors would like to thank the members of the IETF RATS working group for their foundational work on remote attestation architectures that this specification builds upon. Special thanks to the reviewers and contributors who provided feedback on early drafts of this specification.

Document History

draft-condrey-rats-pop-00 Initial submission.

Defined Evidence Packet (.pop) and Attestation Result (.war) formats
Specified Jitter Seal mechanism for behavioral entropy capture
Specified VDF mechanisms for temporal ordering proofs
Defined absence proof taxonomy with trust requirements
Established forgery cost bounds methodology
Added cross-document provenance linking mechanism
Added continuation tokens for multi-packet Evidence series
Added quantified trust policies for customizable appraisal
Added compact evidence references for metadata embedding
Documented security and privacy considerations
Requested IANA registrations for CBOR tags, media types, and EAT claims