Constant-Size Cryptographic Evidence Structures for Regulated AI Workflows

Abstract: This paper introduces constant-size cryptographic evidence structures, a general abstraction for representing verifiable audit evidence for AI workflows in regulated environments. Each evidence item is a fixed-size tuple of cryptographic fields, designed to (i) provide strong binding to workflow events and configurations, (ii) support constant-size storage and uniform verification cost per event, and (iii) compose cleanly with hash-chain and Merkle-based audit constructions. We formalize a simple model of regulated AI workflows, define syntax and algorithms for evidence structures, and articulate security goals such as audit integrity and non-equivocation. We present a generic hash-and-sign construction that instantiates this abstraction using a collision-resistant hash function and a standard digital signature scheme. We then show how to integrate the construction with hash-chained logs, Merkle-tree anchoring, and optionally trusted execution environments, and we analyze the asymptotic complexity of evidence generation and verification. Finally, we implement a prototype library and report microbenchmark results on commodity hardware, demonstrating that the per-event overhead of constant-size evidence is small and predictable. The design is informed by industrial experience with regulated AI systems at Codebat Technologies Inc., while the paper focuses on the abstraction, algorithms, and their security and performance characteristics, with implications for clinical trial management, pharmaceutical compliance, and medical AI governance.