Proof of Process (PoP): Architecture, Evidence Format, and VDF

Proof of Process (PoP): Architecture, Evidence Format, and VDF WritersLogic Inc

San Diego, California United States david@writerslogic.com

Security Remote ATtestation procedureS attestation RATS provenance authorship VDF This document specifies the Proof of Process (PoP) Evidence Framework, a specialized profile of Remote Attestation Procedures (RATS) [RFC9334] designed to validate the provenance of effort in digital authorship. Unlike traditional provenance, which tracks file custody, PoP attests to the continuous physical process of creation. The protocol defines a cryptographic mechanism for generating Evidence Packets utilizing Proof of Biological Space-Time (PoBST) to enforce temporal monotonicity and Cross-Domain Constraint Entanglement (CDCE) to bind behavioral entropy (human jitter) and physical die thermodynamics to the document state. Technical specifications for wire formats, verifiable delay functions, and hardware-anchored trust are provided.

Introduction The rapid proliferation of generative artificial intelligence has created an authenticity crisis in digital discourse. While traditional provenance tracks the "custody of pixels," it fails to attest to the human-driven process of creation. This document specifies the Proof of Process (PoP) protocol, which extends the RATS architecture to validate the "provenance of effort." Unlike traditional attestation which captures static system state, PoP attests to a continuous physical process. It introduces Proof of Biological Space-Time (PoBST) to enforce temporal monotonicity and Cross-Domain Constraint Entanglement (CDCE) to bind behavioral entropy (human jitter) and physical state (thermodynamics) to the document's evolution. By entangling content hashes with these physical constraints, this protocol enables an Attester to generate an Evidence Packet (.pop) that cryptographically distinguishes between human generation and algorithmic simulation, preserving privacy by design without disclosing document content.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Core Principles and Claims PoP operates on five primary constraints:

Physics-based Cost: Memory-Hard Sequential Functions (MHSF) establish an economic lower bound on forgery, ensuring consumer hardware remains competitive with specialized ASICs.
Physical Freshness: Replay and simulation attacks are defeated by anchoring sessions to irreversible physical markers (Thermal Trajectories and Kernel Entropy pools). Every session incorporates Non-deterministic Physical Freshness sampled within the AE at the start of the VDF execution.
Biological Binding: Captured human motor-signal randomness (jitter) serves as the non-deterministic seed for the spacetime proof.
Out-of-Band Presence: Utilizing secondary physical devices (e.g., smartphone QR scans) to bridge the digital-physical gap and ensure a human is in the loop.
Asymmetric Verification: PoBST allows complex 10-hour proofs to be verified in milliseconds using Pietrzak-style proofs , ensuring scalability and DoS resistance.

Protocol Rationale and Terminology The Proof of Process (PoP) framework follows the RATS architecture while introducing domain-specific extensions for physical process attestation.

PPP Evidence (.pop):: An Attester artifact containing Merkle trees, PoBST traces, and physical liveness markers (CBOR tag 1347571280).
WAR Result (.war):: A Verifier Attestation Result containing signed EAT claims and forensic assessments (CBOR tag 1463894560).
PoBST:: Proof of Biological Space-Time. A memory-hard sequential function with asymmetric verification, entangled with human jitter.
CDCE:: Cross-Domain Constraint Entanglement. The method of weaving jitter and thermodynamics into the cryptographic chain.

Attester State Machine The Attesting Environment (AE) MUST implement the following formal state machine:

RECORDING: AE captures semantic events and physical telemetry into a hash-linked buffer. Events are appended and the block hash is updated.
PENDING_CHECK: The current event block is frozen to prepare for a checkpoint. No new events are accepted into this block.
CHECKPOINT: AE computes the VDF over the entangled seed (previous hash + current jitter + physical markers).
SEALING: The Attester generates a final snapshot, signs the transcript root with a hardware Secure Element (TPM/SE), and prepares the transport container (.pop).

Evidence Content Tiers PPP Evidence packets are classified by the depth of behavioral and forensic data collected:

CORE (Tier Value 1):: Checkpoint chain with PoBST proofs, SHA-256 content binding, and physical freshness anchors. Proves temporal ordering and content integrity.
ENHANCED (Tier Value 2):: All CORE components plus behavioral entropy capture (Jitter Seals) and intra-checkpoint correlation. Adds evidence of interactive authoring behavior.
MAXIMUM (Tier Value 3):: All ENHANCED components plus CDCE, error topology analysis, and forgery cost bounds. Provides the strongest available evidence.

Attestation Assurance Levels The attestation tier system maps to established assurance frameworks including NIST SP 800-63B Authenticator Assurance Levels (AAL), ISO/IEC 29115 Levels of Assurance (LoA), and Entity Attestation Token (EAT) security levels as defined in .

Tier T1: Software-Only

Binding Strength:

none or hmac_local

NIST AAL Mapping:

AAL1

Security Properties:

VDF timing provides temporal ordering
Hash chains provide tamper evidence
Jitter entropy provides behavioral binding
No hardware root of trust; keys stored in software

Tier T2: Attested Software T2 extends T1 with optional hardware attestation hooks. The AE attempts to use platform security features (Keychain, DeviceCheck) but degrades gracefully.

Tier T3: Hardware-Bound Requires TPM 2.0 or platform Secure Enclave key binding. Evidence generation MUST fail if hardware is unavailable. AAL3 equivalent.

Tier T4: Hardware-Hardened Discrete TPM + PUF binding + Enclave execution. Anti-tamper evidence required. AAL3+ equivalent.

Profile Architecture The PPP specification defines three implementation profiles that establish Mandatory-to-Implement (MTI) requirements for interoperability.

Feature ID	Feature Name	CORE	ENHANCED	MAXIMUM
1	vdf-iterated-sha256	M	M	M
2	content-binding	M	M	M
4	checkpoint-chain	M	M	M
50	behavioral-entropy	O	M	M
105	hardware-attestation	O	O	M

Evidence Format and CDDL Evidence Packets are CBOR-encoded and identified by semantic tag 1347571280. The CDDL notation is used to define the wire format. uint, ; version 2 => tstr, ; profile-uri 3 => uuid, ; packet-id 4 => pop-timestamp, ; created 5 => document-ref, ; document 6 => [+ checkpoint], ; checkpoints ? 7 => attestation-tier, ; T1-T4 ? 8 => [* tstr], ; limitations ? 9 => profile-declaration, ; profile ? 10 => [+ presence-challenge], ; QR/OOB proofs ? 18 => physical-liveness-section, ; CDCE markers } checkpoint = { 1 => uint, ; sequence (strictly monotonic) 2 => uuid, ; checkpoint-id 3 => pop-timestamp, ; timestamp (local) 4 => hash-value, ; content-hash 5 => uint, ; char-count 6 => edit-delta, ; delta 7 => hash-value, ; prev-hash 8 => hash-value, ; checkpoint-hash 9 => process-proof, ; VDF (PoBST) 10 => jitter-binding, ; behavioral-entropy 11 => physical-state, ; CDCE Weave 12 => bstr .size 32, ; entangled-mac } document-ref = { 1 => hash-value, ; content-hash ? 2 => tstr, ; filename 3 => uint, ; byte-length 4 => uint, ; char-count ? 5 => hash-salt-mode, ; 0=unsalted, 1=author-salted ? 6 => bstr, ; salt-commitment } process-proof = { 1 => proof-algorithm, ; 1=sha256, 20=PoBST 2 => proof-params, ; VDF params 3 => bstr, ; input (seed) 4 => bstr, ; output (root) 5 => [+ Merkle-Proof], ; sampled proofs 6 => duration, ; claimed time } edit-delta = { 1 => int, ; added 2 => int, ; deleted 3 => uint, ; op-count ? 4 => [* edit-position], ; [offset, change] } physical-state = { 1 => [+ float16], ; thermal 2 => uint, ; entropy-delta ? 3 => bstr, ; kernel-state-commitment } uuid = bstr .size 16 pop-timestamp = #6.1(number) duration = float32 hash-value = { 1 => uint, 2 => bstr } ]]>

VDF Mechanisms and HAT

Memory-Hard Sequential Functions (Argon2id) The protocol requires a memory-hard sequential function to establish economic forgery bounds. Implementations MUST support Argon2id as the Mandatory-to-Implement (MTI) MHSF. The default parameters for CORE profile are: Time Cost (t)=1, Memory Cost (m)=2^16, Parallelism (p)=1.

Hardware-Anchored Time (HAT) In T3/T4 tiers, the AE MUST anchor the VDF seed to the TPM Monotonic Counter. This prevents "VDF Speed-up" attacks by ensuring that the temporal proof is bound to the hardware's internal perception of time.

IANA Considerations This document requests registration of CBOR tags 1347571280 ("PPP ") and 1463894560 ("WAR "), SMI PEN 65074, and the EAT profile urn:ietf:params:rats:eat:profile:pop:1.0.

Media Types Requests registration of application/vnd.writerslogic-pop+cbor and application/vnd.writerslogic-war+cbor.

Security Considerations This section describes security considerations for implementations of the PoP protocol. Detailed forensic security analysis is provided in the companion document .

Relay and Replay Attacks Relay attacks involve an adversary forwarding Evidence from a legitimate Attester to a Verifier. Replay attacks attempt to reuse previously valid Evidence Packets. Both attacks are defeated through Physical Freshness anchors that bind Evidence to non-deterministic physical state (thermal trajectories, kernel entropy) sampled at checkpoint creation time. Verifiers MUST reject Evidence where physical freshness markers are stale or inconsistent with claimed timestamps.

VDF Speed-up Attacks An adversary with access to specialized hardware (ASICs, FPGAs) may attempt to compress VDF computation time. The memory-hard requirement of Argon2id ensures that computation speed is bounded by memory bandwidth rather than raw compute cycles. In T3/T4 tiers, Hardware-Anchored Time (HAT) binding to TPM monotonic counters provides additional protection by ensuring temporal proofs cannot be generated faster than the hardware clock allows.

Attesting Environment Compromise A compromised Attesting Environment could generate fraudulent Evidence. The tiered attestation model (T1-T4) provides graduated trust levels. T3/T4 implementations MUST use hardware Secure Elements (TPM, SE) to protect signing keys. Evidence generated at lower tiers SHOULD be evaluated with appropriate skepticism by Relying Parties.

Jitter Simulation Sophisticated adversaries may attempt to simulate human motor-signal randomness. The protocol relies on the computational expense of generating high-fidelity biological noise that satisfies Signal-to-Noise Ratio (SNR), Cognitive Load Correlation (CLC), and Error Topology constraints simultaneously. Forgery cost bounds in the WAR quantify this economic barrier.

Denial of Service VDF verification is asymmetric by design—verification is orders of magnitude faster than generation. This ensures that Verifiers cannot be overwhelmed by computationally expensive verification requests. Implementations SHOULD implement rate limiting on Evidence submission endpoints.

References Normative References Informative References Simple Verifiable Delay Functions Proof of Process (PoP): Forensic Appraisal and Security Model

Appendix: VDF Verification Test Vectors The following test vectors can be used to validate VDF implementations: