Constant-Size Crypto Evidence Structures

• Constant-size cryptographic evidence structures are a fixed-length abstraction that compress and sign all event data, ensuring uniform integrity and non-equivocation.
• They use a hash-and-sign methodology with efficient composition via hash chains and Merkle trees, achieving predictable verification cost and high throughput.
• These structures are essential for regulated AI workflows, providing immutable, scalable audit trails in sectors like healthcare, pharmaceuticals, and finance.

Constant-size cryptographic evidence structures are a cryptographic abstraction optimized for generating, storing, and verifying verifiable audit evidence for AI workflows in regulated environments. In such settings, each workflow event must be bound to immutable evidence in a way that ensures integrity, non-equivocation, efficiency, and compliance with audit and regulatory requirements. The core design objective is that each evidence item—regardless of the complexity or size of the underlying event—has a strictly fixed, small size and supports uniform, predictable verification cost per event (Kao, 21 Nov 2025).

1. Mathematical Abstraction and Model

A constant-size cryptographic evidence structure is parameterized by a security parameter $\lambda$ and an integer $k$ (the number of cryptographic fields). The structure consists of:

• Event domain $E$ for workflow events.
• A family of encoding functions $\{\varphi_i: E \to \{0,1\}^*\}_{i \in I}$ where $I = \{0, 1, ..., k-1\}$.
• A collision-resistant hash function $H: \{0,1\}^* \to \{0,1\}^\lambda$.
• A signature scheme $$\Sigma = (\text{KeyGen}, \text{Sign}, \text{Verify})$$ with message space $\{0,1\}^{k \cdot \lambda}$.

The evidence-item type is

$\text{Ev} = (\{0,1\}^\lambda)^k$

i.e., a tuple of $k$ fixed-length bit-strings. Given an event $E \in E$, an evidence item is $ev = (f_0, f_1, ..., f_{k-1}) \in \text{Ev}$, together with an authenticator $\sigma = \Sigma.\text{Sign}_{sk}(ev)$. The combined size of $(ev, \sigma)$ is $k \cdot \lambda$ bits plus the (fixed) size of the signature, independent of $|\varphi_i(E)|$.

2. Integration with Regulated AI Workflow Models

Regulated AI workflows are formalized as sequences or DAGs of events $\{E\}$, where each event $E$ carries:

• A unique identifier $id(E)$,
• Structured metadata $meta(E)$ (actor, timestamp, configuration, etc.),
• Input references $in(E)$,
• Output references $out(E)$.

The complete event record is $M(E) = (id(E), meta(E), in(E), out(E))$. Evidence generation binds $ev$ to all salient information in $M(E)$, such that any tampering with an event or its metadata disrupts the cryptographic binding.

3. Core Algorithms

The evidence structure exposes the following API:

Setup:

• Input: $1^\lambda$
• Output: Public parameters $pp = (\lambda, k, \{\varphi_i\}, H, \Sigma)$

KeyGen:

• Input: $1^\lambda$
• Output: $$(sk, pk) \leftarrow \Sigma.\text{KeyGen}(1^\lambda)$$

GenEvidence:

• Input: $pp$, $sk$, $E$
• Output: $(ev, \sigma)$ where $ev \in \text{Ev}$ and $\sigma$ authenticates $ev$
• Steps:
  1. Recover $k, \{\varphi_i\}, H$ from $pp$.
  2. For $i=0\dots k-1$: $m_i \leftarrow \varphi_i(E)$; $f_i \leftarrow H(m_i)$.
  3. $ev \leftarrow (f_0,...,f_{k-1})$.
  4. $\sigma \leftarrow \Sigma.\text{Sign}_{sk}(ev)$.
  5. Return $(ev, \sigma)$.

VerifyEvidence:

• Input: $pp$, $pk$, $E$, $ev=(f_0,...,f_{k-1})$, $\sigma$

• Output: accept/reject
• Steps:
  1. Recover $\{\varphi_i\}, H$.
  2. For $i=0\dots k-1$: $m_i \leftarrow \varphi_i(E)$; if $H(m_i) \ne f_i$ return reject.
  3. If $\Sigma.\text{Verify}_{pk}(ev, \sigma)$ is false, reject.
  4. Otherwise, accept.

4. Precise Security Formulations

Two formal goals are established:

Audit Integrity: In the “Game GI,” an adversary $A$ cannot produce a tuple $(E^*, ev^*, \sigma^*)$ passing verification for an event never returned by the evidence oracle, assuming $H$ is collision-resistant and $\Sigma$ is EUF-CMA.

Non-Equivocation: In “Game GNE,” it is infeasible for $A$ to generate two distinct sequences $S \ne S'$ of evidence items linking to the same anchor (e.g., hash-chain tip or Merkle root), such that both locally verify and differ on at least one event. This is implied by the collision-resistance of $H$.

5. Hash-and-Sign Instantiation

A generic instantiation fixes $\Sigma$ as any EUF-CMA signature scheme and $H$ as a collision-resistant hash. Encoders $\varphi_i$ extract respective event features:

• $\varphi_0(E) = id(E) || time(E)$,

• $\varphi_1(E) = \text{digest of } meta(E)$,
• $\varphi_2(E) = \text{digest of } in(E)$,
• ...,
• $\varphi_{k-1}(E) = \text{context-link}$.

Each $f_i = H(\varphi_i(E))$, and $\sigma = \text{Sign}_{sk}(f_0,...,f_{k-1})$. The values $ev$ and $\sigma$ together represent constant-size, strongly bound evidence per event.

6. Compositionality: Hash Chains and Merkle Trees

Evidence structures can be composed to ensure tamper-evident audit trails and batch anchoring:

• Hash Chains: Starting from $\ell_0 = 0^\lambda$, each step links $\ell_{j} = H(\ell_{j-1}\,||\,ev_j)$. The chain tip can be anchored externally.
• Merkle Trees: Batched evidence items $\{ev_1,...,ev_n\}$ are arranged as leaves; the root $R$ serves as anchor. Each $ev_j$ can be verified with a standard Merkle proof.

Both methods preserve constant per-event data and use a short, constant-size anchor, facilitating batch and cross-organizational verification.

7. Asymptotic Complexity and Implementation

Let $k$ be fixed:

• GenEvidence: $\Theta(k)$ hashes plus $O(1)$ public-key operation.
• VerifyEvidence: $\Theta(k)$ hashes plus $O(1)$ public-key operation.
• LinkChain (n items): $\Theta(n)$ hashes.
• Merkle Tree (n items): $\Theta(n)$ hashes for tree construction.

Empirical microbenchmarks (Rust, 256-bit CRHF, Edwards-curve signature, $k=10$):

• Single-threaded: $3.5 \times 10^4$ events/s (28.4 µs/event)
• Multi-threaded (16 cores): $2.8 \times 10^5$ events/s (5.7 µs/event)
• Batch verification (CPU, 16 threads): $2.5 \times 10^5$ events/s (6.1 µs/event)
• Batch verification (GPU, $M = 10^6$): $4.0 \times 10^5$ events/s (2.5 µs/event)
• Storage for $N = 10^6$: A few GB for all $(ev, \sigma)$ pairs, which is competitive with or superior to text logs, but with cryptographic guarantees (Kao, 21 Nov 2025).

8. Industrial and Regulatory Applications

Constant-size cryptographic evidence structures are well-suited for domains requiring rigorous, scalable, and regulator-aligned auditability:

• Clinical trials: Immutable audit items for randomization, consent, data access, and AI inference.
• Pharmaceutical manufacturing: Batch decisions, QC, policy changes, and environmental logging (including TEE support).
• Medical AI governance: Tamper-evident histories for model updates, config changes, PHI access, and review events.
• Financial compliance: Transparent, fixed-size audit items for algorithm updates, sign-offs, and transaction batches.

Uniform size and layout enable efficient hardware implementations (GPU, TEE), supporting high-throughput audit with strong cryptographic semantics throughout lifecycle-critical AI workflows (Kao, 21 Nov 2025).